Uber settles 2016 breach which affected 57 million users

Uber has admitted to and accepted responsibility for concealing a 2016 data breach which affected 57 million users and 600,000 drivers.

The ride-hailing giant’s admission to the US Federal Trade Commission (FTC) comes as part of a non-prosecution agreement signed with the FTC to resolve an investigation which ran from 2015 to 2017 into Uber’s data security practices.

According to the agreed facts, the hackers responsible for the breach used stolen credentials to access a private source code repository and obtain a private access key. From there, the hackers used the key to access and copy large quantities of data associated with Uber’s users and drivers.

The 2016 breach was not reported to the FTC until around a year later, when new executive leadership was managing the company.

When they learnt of the breach, the new leadership team investigated and disclosed the news to affected drivers, the public, law enforcement, and foreign and domestic regulators, including state attorneys general and the FTC.

The FTC agreement also notes that Uber settled civil litigation with the attorneys general for all 50 States and the District of Columbia related to the 2016 data breach, paying $148 million and agreeing to implement measures including a corporate integrity programme, specific data security safeguards, and incident response and data breach notification plans, along with biennial assessments.

The agreement also notes that Uber has invested substantial resources to significantly restructure and enhance the company’s compliance, legal, and security functions.

    Share Story:

Recent Stories


Bringing Teams to the table – Adding value by integrating Microsoft Teams with business applications
A decade ago, the idea of digital collaboration started and ended with sending documents over email. Some organisations would have portals for sharing content or simplistic IM apps, but the ways that we communicated online were still largely primitive.

Automating CX: How are businesses using AI to meet customer expectations?
Virtual agents are set to supplant the traditional chatbot and their use cases are evolving at pace, with many organisations deploying new AI technologies to meet rising customer demand for self-service and real-time interactions.