To avoid criminal charges, Uber entered into a non-prosecution agreement with Federal Trade Commission (FTC) last Friday, as per Engadget.
Uber has taken responsibility for concealing a 2016 data breached that affected 57 million passengers and drivers. The ride hailing company admitted that it failed to notify FTC of the cyberattack.
Uber Plans to Cooperate with FTC
As part of the agreement, Uber said that it would cooperate in the prosecution of former chief security officer Joe Sullivan, who allegedly helped in covering up the hacking, according to Reuters.
Shortly after the incident was discovered, Sullivan was fired by the company.
In September 2020, Sullivan was originally indicted. According to prosecutors, he arranged to give the hackers $100,000 payment in bitcoin.
As per Reuters also, Sullivan also asked the hackers to sign a nondisclosure agreements, which falsely indicated that they had not stolen data.
According to U.S. Attorney Stephanie Hinds in San Francisco, it took a year before Uber report the breach.
The breach was reported when the company established an executive leadership who "established a strong tone from the top" when it comes to ethics and compliance.
Furthermore, Hinds added that Uber will not be criminally charged as a reflection of the "new management's prompt investigation and disclosures.
Moreover, it also reflects the 2018 agreement of the ride hailing company with the agency that it would keep a comprehensive privacy program for 20 years.
Uber employed a bounty program. This is created to give reward to security researchers who report flaws. However, no program exist for covering up data thefts.
In September 2018, to settle claims by all 50 U.S. states and Washington, D.C. that the ride hailing company did not act fast in disclosing the hacking, Uber paid $148 million.
On Friday, shares of Uber closed down 93 cents at $23.30. This is probably because the non-prosecution agreement was disclosed after U.S. markets closed.
Read Also: Uber Pin Code Now Available for All: 5 Steps to Activate and Avoid Getting in the Wrong Ride
Hackers Stole Uber's Passengers and Drivers' Data in 2016
According to reports, in late 2016, Uber was hacked by two hackers who stole personal data, including phone numbers, email addresses, and names of 57 million passengers. In addition, licenses of over 600,000 drivers working for the company were also stolen.
Sullivan, who was the Chief Security Officer of Uber at that time had decided to cover up the hack.
However, when a strong executive leadership took reign of the company, the breach was revealed. The breach that the company concealed for a year was revealed in 2017.
California Attorney General Xavier Becerra said in a statement that Uber's decision to conceal the breach was a "blatant violation of the public's trust."
The action of Uber only showed that it failed to safeguard user data and notify authorities when it was compromised.
"We know that earning the trust of our customers and the regulators we work with globally is no easy feat," Uber's Chief Legal Officer said in a statement.
Uber promised to continue investing in the protections of their customers and their data. The ride hailing company also commits itself to keep a constructive and collaborative relationship with the government.
Related Article: Uber CEO Khosrowshahi: Hiring Now Treated as 'Privilege' - Cost Cutting Measures To Be In Place?