Maryland to share in the $148M Uber settlement after data breach

| October 9, 2018
Rams Head

Maryland Attorney General Brian E. Frosh has announced a multistate settlement with California-based ride-sharing company Uber Technologies, Inc. (Uber) to address the company’s one-year delay in reporting a data breach involving the personal information of its drivers.

Uber learned in November 2016 that hackers had gained access to personal information that Uber maintains about its drivers, including the driver’s license information of approximately 600,000 drivers nationwide. Uber tracked down the hackers, and the states allege that Uber negotiated a deal in which Uber paid the hackers to delete the information and to not to disclose that the breach had ever occurred. Uber did not report the breach until November 2017, despite Maryland law requiring prompt breach notification to be provided to both affected individuals and the Attorney General.

“When personal information gets into the wrong hands because of a data breach, the chances of becoming a victim of identity greatly increase,” said Attorney General Frosh. “A one year delay in reporting a data breach makes the danger even greater for the victims.”

As part of the nationwide settlement, Uber has agreed to pay $148 million to the states, making it the largest multistate data breach settlement to date. Maryland will receive $4.447 million. In addition, Uber has agreed to strengthen its corporate governance and data security practices to help prevent a similar occurrence in the future.

Maryland’s share of the settlement will be used to provide each eligible Maryland Uber driver with a $100 payment. Eligible drivers are those whose driver’s license numbers were accessed during the 2016 breach. A settlement administrator will be appointed to provide notice and payment to eligible drivers. Details of that process will be announced by the Office of Attorney General after the effective date of the settlement.

The settlement between the State of Maryland and Uber requires the company to:

  • Comply with the State’s Consumer Protection Act and Personal Information Protection Act regarding protecting Maryland residents’ personal information and notifying them in the event of a data breach concerning their personal information;
  • Take precautions to protect any user data Uber stores on third-party platforms outside of Uber;
  • Use strong password policies for its employees to gain access to the Uber network;
  • Develop and implement a strong overall data security policy for all data that Uber collects about its users, including assessing potential risks to the security of the data and implementing any additional security measures beyond what Uber is doing to protect the data;
  • Hire an outside qualified party to assess Uber’s data security efforts on a regular basis and draft a report with any recommended security improvements. Uber will implement any such security improvement recommendations; and,
  • Develop and implement a corporate integrity program to ensure that Uber employees can bring any ethics concerns they have about any other Uber employees to the company, and that it will be heard.

Maryland was on the Executive Committee that negotiated the settlement agreement. All 50 states and the District of Columbia are participating in this multistate agreement with Uber.

Information on how to protect your identity, or what to do in the event of a data breach can be found in the Maryland Office of Attorney General’s Identity Theft Guide. Consumers who believe they may be a victim of identity theft should contact the Attorney General’s Identity Theft Unit by calling (410) 576-6491 or by sending an email to [email protected].

In making the announcement, Attorney General Frosh thanked Assistant Attorney General Richard Trumka Jr. for his work on the case.

Category: Local News, NEWS

About the Author - EOA Staff

Eye On Annapolis is a community based site focusing strictly on Anne Arundel County. These staff postings are general news postings made by our team of bloggers throughout the day and are not attributed to any one particular staff person.

Connect with the Author

Author's Website Facebook Twitter YouTube rss feed