Uber to pay $20,000 after stalling on data breach announcement

Uber Technologies Inc., the ride-sharing service, has agreed to pay a $20,000 fine in connection with its alleged late notification of a data breach, in a settlement under which it also separately agreed to adopt better data security protection of its riders' personal information, said New York attorney general Eric T. Schneiderman.

Mr. Schneiderman said in a statement Wednesday the San Francisco-based firm did not notify its drivers and his office of a September 2014 data breach until Feb. 26, 2015. Uber drivers' names and driver license numbers had been accessed by an unauthorized third party, the statement said.

The statement also said that in November 2014 the attorney general had opened an investigation into Uber's collection, maintenance and disclosure of rider personal information amid reports that Uber executives had access to riders' locations and that Uber displayed this information in an aerial view known internally as “God View.”

The settlement requires Uber to encrypt New York riders' geographical location, and adopt multi-factor authorization that would be required before any employee could access especially sensitive rider information, as well as other leading data security practices, the statement said.

“This settlement protects the personal information of Uber riders from potential abuse by company executives and staff, including the real-time locations of riders in an Uber vehicle,” said Mr. Schneiderman in the statement.

An Uber spokesman could not immediately be reached for comment.

Last month, Uber partially won a ruling that could potentially put a hold on the outcome of a lawsuit brought against the ride service by California drivers over their employment status.