Following Lax FTC Action, State AGs Fine Uber $148 Million in Data Breach Case

The attorneys general of all 50 states and the District of Columbia have settled their lawsuit with Uber for $148 Million. The nationwide investigation found that Uber had violated data breach notification laws because the company payed a hacker $100,000 to keep quiet about the breach instead of notifying consumers that their information had been compromised. The settlement also requires Uber to adopt model data breach notification and data security practices, a corporate integrity program, and hire an independent third party to conduct data security assessments. After Uber made the breach public, EPIC wrote detailed comments to the FTC and the agency revised its settlement with the company. While EPIC supported the FTC's action, EPC said that "the FTC should make Uber's privacy assessments public so that consumers can evaluate whether the company is meeting its obligations under the Consent Order." The FTC's initial investigation and subsequent settlement with Uber were prompted by EPIC's complaint against Uber in 2015.


« Indian Supreme Court Imposes New Limits on National Identity System | Main | Senate Committee Moves to Vote on Kavanaugh with White House Records on Mass Surveillance Still Secret »

Share this page:

Support EPIC

EPIC relies on support from individual donors to pursue our work.

Defend Privacy. Support EPIC.