Company waited a year to report breach to 600,000 drivers, including 2,500 in Kentucky
FRANKFORT, KY. (Sept. 26, 2018) – Attorney General Andy Beshear has secured over a half a million dollars for Kentucky from a settlement with California-based ride-sharing company Uber Technologies Inc. over a 2016 nationwide data breach that exposed drivers’ license information of 600,000 of its drivers.
In Kentucky, more than 2,500 Uber drivers were affected by the breach.
The more than $663,452 from the settlement will be placed into the state’s General Fund for lawmakers to appropriate during the 2020 legislative budget session.
While the leak of its drivers’ information triggered Kentucky law requiring the company to notify affected Kentucky residents who used the service, Uber failed to report the breach to its drivers in a timely manner, waiting until November 2017 or a year later.
“At a time in our nation when cyber-attacks are rampant throughout the public and private sectors, it’s even more critical companies like Uber instantly alert a data breach to help minimize the harm for those whose information was taken,” Beshear said. “The more than $600,000 we secured in this settlement is a sizable amount for our General Fund, and I’m confident our lawmakers will use it for Kentucky’s future.”
Over the last two and a half years in office, Beshear has returned nearly $9 million to the General Fund.
As part of the multimillion-dollar nationwide settlement, Uber agreed to strengthen its corporate governance and data security practices to help prevent a similar occurrence in the future.
The settlement requires the company to:
- Comply with Kentucky data breach and consumer protection laws regarding protecting Kentucky residents’ personal information and notifying them in the event of a data breach concerning their personal information;
- Develop and implement a strong overall data security policy;
- Hire an outside qualified party to assess Uber’s data security efforts; and
- Develop and implement a corporate integrity program to ensure that Uber drivers can report ethics concerns.
All 50 states and the District of Columbia are participating in this multistate agreement with Uber.
####