The Federal Trade Commission has strengthened its 2017 settlement with Uber because the company hid a massive data breach and bug bounty program in 2016. Under the revised settlement, Uber must submit all of its privacy audits to the FTC, and will face civil penalties if it fails to disclose another breach. In February 2018, EPIC advised Congress that "bug bounty programs do not excuse non-compliance with data breach notification laws." The FTC's 2017 settlement with Uber was the result of EPIC's 2015 complaint to the Commission detailing Uber's numerous privacy abuses. In public comments, EPIC advised the FTC to strengthen the settlement by making all of Uber's privacy audits available to the public.