TO CLOSE

Uber aims to enhance the safety of drivers and passengers in order to restore confidence in the brand before its IPO scheduled for next year. The porting company has added features to protect privacy, contact EMS and detect unplanned downtime. (September 5th)
AP

SAN FRANCISCO – Uber agreed Wednesday to pay $ 148 million to settle cases in 50 states following a data breach in 2016 that affected 50 million customers worldwide and 7 million drivers.

While data breaches in large corporations have become the norm, Uber stands out for two reasons: the then CEO, Travis Kalanick, and his executives paid $ 100,000 to hackers responsible from the violation and decided to wait a year publicly disclose the incident.

The resolution of Attorney General's claims in all states and in the District of Columbia was a way for current CEO Dara Khosrowshahi to reinforce the message of a public campaign to clean up Uber's reputation.

The violation was not disclosed until November 2017, a few months after Ex-Expedia CEO Khosrowshahi drove the traveling giant and ordered an internal investigation into the violation.

After discovering the violation, Khosrowshahi fired security chief Joe Sullivan and Craig Clark, a senior lawyer who was in Sullivan. The Uber investigation determined that no customer or driver data had been abused by hackers.

The breach began when attackers accessed Github.com, a website used by software engineers, and obtained login credentials for information stored on an Uber-controlled Amazon Web Services account, Bloomberg said. In this account, they found an archive containing driver and driver data.

The rapid Uber sprint of the San Francisco start-up in 2009 to the global mobility solution was brutally hampered in early 2017, when former engineer Susan Fowler wrote an article describing a company where the sexist behaviors were not mastered. This, coupled with the disclosure of business practices that bypassed the law, led to the disappearance of Kalanick.

"Uber's decision to conceal this violation was a flagrant violation of public trust," said Xavier Becerra of California in a statement. "In accordance with its corporate culture at the time, Uber swept the … This regulation is circulated to all so that we hold them responsible for protecting this data.

Uber's legal director, Tony West, wrote in a blog that his first day of work last year was actually spent making calls related to the data breach.

"The decision of our current management team to disclose the incident was not just the right thing to do, it embodies the principles by which we run our business today: transparency, integrity and accountability ", wrote West. "An important element to uphold these principles is to take responsibility for the mistakes of the past, to learn from them and to go forward."

Under the terms of the settlement, Uber also agreed to maintain stronger security practices, led by a security officer who reports to his board of directors; comply with state laws regarding the protection of consumer information; disclose all quarterly security incidents for two years; and maintain a corporate integrity program that includes a phone line to report misconduct and institute annual Code of Conduct training.

Contributor: Elizabeth Weise

Follow the journalist TODAY USA Marco della Cava: @marcodellacava

Read or share this story: https://usat.ly/2IgJPKl