Uber Agrees to Expanded FTC Settlement Without Fines Over Breach
Uber agreed to expand data breach disclosure and record-keeping requirements as part of a revised settlement proposed by the FTC in 2017, stemming from allegations the ride-hailing company “deceived consumers about its privacy and data security practices,” the agency announced…
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
Thursday. Civil penalties are possible if Uber fails to disclose future data breach incidents, the FTC said. The agency’s revised complaint alleges Uber learned in November 2016 that intruders accessed third-party cloud storage files containing more than “25 million names and email addresses, 22 million names and mobile phone numbers and 600,000 names and driver’s license numbers of U.S. Uber drivers and riders.” Uber failed to disclose that breach while the FTC was investigating the company for a similar 2014 data breach that was settled in August 2017, the FTC said. Uber paid intruders involved in the 2016 breach $100,000 as part of its third-party “bug bounty” program, but didn't alert consumers about the situation until November 2017, the FTC said. Acting FTC Chairman Maureen Ohlhausen said the expanded settlement is “designed to ensure that Uber does not engage in similar misconduct in the future.” Uber Chief Legal Officer Tony West wrote in a statement he's “pleased that just a few months after announcing this incident, we have reached a speedy resolution with the FTC that holds Uber accountable for the mistakes of the past by imposing new requirements that reasonably fit the facts.”