As part of a settlement with U.S. prosecutors to avoid criminal charges, Uber Technologies Ltd. said this Friday it is willing to take responsibility for covering up a data breach that occurred in 2016 and compromised the information of more than 57 million riders and drivers. Prosecutors say a former Uber security chief paid hackers $100,000 worth of bitcoin to cover up the incident.
In a non-prosecution agreement, Uber admitted that its staff failed to report the November 2016 hack to the FTC, even as the agency investigated the ride-hailing company’s data security.
U.S. Attorney Stephanie Hinds in San Francisco said Uber waited about a year to report the violations after appointing new executive leadership, which “has started from the top on ethics and compliance.” established a strong tone.”
Hinds said the decision not to file criminal charges against Uber reflects swift investigations and disclosures by new management, as well as a 2018 agreement between Uber and the FTC to maintain the comprehensive privacy program for 20 years. The San Francisco-based company is also cooperating with the prosecution of former security chief Joseph Sullivan, alleging that he concealed the hack.
Uber did not immediately respond to a request for comment.