Uber hit by massive fine

Uber's troubles are added to by the imposition of a cybersecurity-related fine.
28 September 2018

The ride-hailing giant has been hit by a large US-wide fine. Source: Shutterstock

Ride-hailing giant Uber has agreed to pay a fine of US$148 million over a data breach that occurred in 2016. The company concealed the breach for a year, after it paid hackers US$100,000 to destroy the information it lost, and attempted to ensure the thieves’ silence, in a bid to prevent bad publicity.

The company disclosed the breach last year shortly after Dara Khosrowshahi took over as chief executive, who promised a new, more open way of doing business for the company.

The stolen data involved personal information on riders and drivers, nearly half of whom are from the United States.

As a further part of its attempts to improve corporate transparency on Khosrowshahi’s appointment, Uber revoked its previous policy that made arbitration mandatory over any claim of sexual misconduct involving drivers, riders and employees. This allowed cases to be heard in public courts in the US.

It is thought that Uber is currently seeking a public flotation, and currently commands a total value of more than US$70 billion.

The company’s agreement to pay this recent penalty means the company avoids a lengthy and, we assume, highly public court case. The payment is a settlement for combined multiple claims from states across the US.

“The commitments we’re making in this agreement are in line with our focus on both physical and digital safety for our customers,” Uber’s Chief Legal Officer Tony West said while announcing the settlement.

“We know that earning the trust of our customers and the regulators we work with globally is no easy feat […] We’ll continue to invest in protections to keep our customers and their data safe and secure, and we’re committed to maintaining a constructive and collaborative relationship with governments around the world.”

In Illinois, Attorney General Lisa Madigan said her office would pay each Illinois driver which who either still works for, or used to work for Uber, US$100 each by way of compensation from a US$5 million fund.

“While Uber is now taking the appropriate steps to protect the data of its drivers in Illinois and across the country, the company’s initial response was unacceptable,” Madigan said. “Companies cannot hide when they break the law.”

New York Attorney General Barbara Underwood said: “This record settlement should send a clear message: we have zero tolerance for those who skirt the law and leave consumer and employee information vulnerable to exploitation.”

In February, Uber agreed to pay US$245 million to Alphabet, Google’s umbrella company, to settle an action over allegedly stolen trade secrets from Waymo, the self-driving car unit.

Uber is potentially facing further inquiries in the United States and elsewhere over other issues of data security, illegal practices involving software routines deployed against rivals, and several cases of sexual discrimination.

Data released from the second quarter financial results show that Uber lost US$891 million on total revenue of US$2.8 billion.