Apr 12, 2018 - Technology

Uber agrees to expand FTC settlement to include 2016 breach

The Uber ride sharing application is seen running on an iPhone in this photo illustration taken on 28 August, 2017. Photo: Jaap Arriens/NurPhoto via Getty Images

Uber has agreed to expand a proposed settlement with the FTC to include a 2016 breach that it didn't disclose until after it settled last summer over its privacy and security practices.

Backstory: In November, Uber disclosed that a year prior, hackers had accessed the account information of millions of customers—something it had concealed because it had convinced the hackers to delete the data in exchange for $100,000 as part of its bounty program.

  • The initial settlement stemmed from a similar 2014 incident in which hackers accessed the information of more than 100,000 drivers. Earlier in 2017 Uber also settled with the FTC over claims it made about how much drivers can earn.

The new settlement proposal includes additional requirements, such as that Uber submit to the FTC all required third-party audits of Uber’s privacy program instead of just the initial ones.

Go deeper