AG Balderas Reaches $148 Million Settlement With Uber Over Data Breach

Attorney General Hector Balderas  

From the Office of the Attorney General:

ALBUQUERQUE – Today, Attorney General Hector Balderas announced that he, along with the other 49 states and the District of Columbia, has reached an agreement with California-based ride-sharing company Uber Technologies, Inc. (Uber) to address the company’s one-year delay in reporting a data breach to its affected drivers.

“Companies have an obligation to report data breaches to their customers, and Uber failed to do so in a timely manner,” Balderas said. “When New Mexicans’ personal information is on the line, rapid response is hugely important.”

Uber learned in November 2016 that hackers had gained access to some personal information that Uber maintains about its drivers, including drivers’ license information pertaining to approximately 600,000 drivers nationwide.

Uber tracked down the hackers and obtained assurances that the hackers deleted the information. However, even though some of that information, namely drivers’ license numbers for Uber drivers, triggered laws requiring them to notify affected individuals and report to regulatory agencies, Uber failed to report the breach in a timely manner, waiting until November 2017 to report it.

As part of the nationwide settlement, Uber has agreed to pay $148 million to the states. New Mexico will receive approximately $760,000. In addition, Uber has agreed to strengthen its corporate governance and data security practices to help prevent a similar occurrence in the future.

The settlement between The State of New Mexico and Uber requires the company to:

Comply with New Mexico data breach and consumer protection law regarding protecting New Mexicans’ personal information and notifying them in the event of a data breach concerning their personal information;

Take precautions to protect any user data Uber stores on third-party platforms outside of Uber;

Use strong password policies for its employees to gain access to the Uber network;

Develop and implement a strong overall data security policy for all data that Uber collects about its users, including assessing potential risks to the security of the data and implementing any additional security measures beyond what Uber is doing to protect the data;

Hire an outside qualified party to assess Uber’s data security efforts on a regular basis and draft a report with any recommended security improvements. Uber will implement any such security improvement recommendations; and,

Develop and implement a corporate integrity program to ensure that Uber employees can bring any ethics concerns they have about any other Uber employees to the company, and that it will be heard.

All 50 states and the District of Columbia are participating in this multistate agreement with Uber.

Search
LOS ALAMOS

ladailypost.com website support locally by OviNuppi Systems

Facebook Rss Twitter Youtube

Subscribe to your choice of breaking and/or daily news headlines.

Copyright © 2012-2024 The Los Alamos Daily Post is the Official Newspaper of Record in Los Alamos County. This Site and all information contained here including, but not limited to news stories, photographs, videos, charts, graphs and graphics is the property of the Los Alamos Daily Post, unless otherwise noted. Permission to reprint in whole or in part is hereby granted, provided that the Los Alamos Daily Post and author/photographer are properly cited. Opinions expressed by readers, columnists and other contributors do not necessarily reflect the views of the Los Alamos Daily Post. The Los Alamos Daily Post newspaper was founded Feb. 7, 2012 by Owner/Publisher Carol A. Clark.