Uber to pay NC $3.66 million over data breach

Uber has agreed to pay $148 million to state governments throughout the country–of which $3.66 million will be paid to North Carolina–as part of a settlement agreement announced Sept. 26.

The ride-hailing company will also increase data security to adhere to state consumer protection laws going forward after it failed to promptly inform drivers that their personal information had been stolen by hackers.

The North Carolina Attorney General’s office announced in a press release that North Carolina will receive $3,661,800. The state will provide each Uber driver impacted in state with a $100 payment.

“Data breaches are increasingly becoming a major problem for North Carolinians,” Attorney General Josh Stein said in the press release. “Notifying my office and the public allows people to take necessary precautions to protect their information. In failing to do so, Uber put its drivers at risk.”

Attorney generals from all 50 states sued the company over its delay in reporting the data breach. The hack took the personal data, including driver’s license information, for roughly 600,000 Uber drivers in the U.S., the Associated Press reports. The hack also took the names, email addresses, and cell phone numbers of 57 million riders around the world.

The company acknowledged the hack in November 2017, nearly a year after it occurred, saying they paid $100,000 in ransom for the stolen information to be destroyed.

Tony West, Uber’s chief legal officer said the settlement was “the right thing to do.”

“It embodies the principles by which we are running our business today: transparency, integrity, and accountability,” West told the AP. “An important component of living up to those principles means taking responsibility for past mistakes, learning from them, and moving forward.”

West said the company just hired former counsel to the National Security Agency as its new chief trust and security officer.