Uber Pay $148m Penalty For Breach Cover-Up

Attempting to cover up a data breach was a failed mission for Uber, who has announced that it has agreed to a $148m settlement with Federal Trade Commission (FTC). The fine for its 2016 data breach and cover-up sends a strong message not only to Uber but to organisations across all sectors that data breaches, whether disclosed or not, come at a hefty price.

“Companies can no longer get away with poor cybersecurity and sweeping incidents under the carpet,” said Rob Shapland, principal cybersecurity consultant at Falanx Group. 

"I would expect many companies will have tried to hide the fact that they’ve been breached, especially given the size of the potential fines. This case, and Uber’s punishment for not revealing that the breach had occurred, will hopefully give companies further warning of the risks posed by cyber-attacks, so that they take the security of the data they hold more seriously.”

In November 2017 Uber shocked the cybersecurity community when it confessed that it had indeed attempted to hide the fact that data of 57 million users was stolen. 

In response to the settlement news, Tim Erlin, VP at Tripwire, said, “There’s no doubt that the cover-up behavior was impactful in how this settlement played out. It’s a good reminder to all organisations of how a good breach response plan can help avoid poor decision making in the midst of an incident.

The fine is huge, which has some commentators wondering whether it is intended to set a precedent in order to deter other organizations from attempting to cover up future breaches.

“Trying to keep [a breach] quiet will of course be an idea by some senior ranked employees. However, this is inevitably the wrong thing to do, and Uber is surely being made an example of what not to do,” said Jake Moore, security specialist at ESET.

“Being open about customer data breaches at the earliest opportunity is not only ethically the right thing to do, but helps protect people from a multitude of other attacks which could follow as a result.”

Moreover, the fine speaks to the financial risks of compliance mismanagement. That a breach of such magnitude was able to happen was problematic enough, but paying the hackers $100,000 to delete the data and keep the breach quiet, rather than report the incident, was “A blatant disregard for governance and compliance, putting customers at risk,” said Pravin Kothari, CEO of CipherCloud.

“The takeaway lesson is that it is incumbent upon all of us to foster a culture in our companies such that our employees understand the ethical necessity of full disclosure and transparency. Protecting our customers and their data is not optional.”

Infosecurity-Magazine

You Might Also Read: 

Uber’s U-Turn On User Watching:

 

« Facebook Could Face A GDPR Fine Of $1.63bn
Russia Stands Accused Of Global Hacking Campaign »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

SANS Institute

SANS Institute

SANS is the most trusted and by far the largest source for information security training and security certification in the world.

K&D Insurance Brokers

K&D Insurance Brokers

K&D provide insurance for all sectors of industry and commerce including cyber risk cover.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Bugcrowd

Bugcrowd

As leaders in crowdsourced security testing, Bugcrowd connects companies and their applications to a crowd of tens of thousands of security researchers to identify critical software vulnerabilities.

macmon secure

macmon secure

macmon secure develops network security software, focussing on Network Access Control.

Uhuru Corp

Uhuru Corp

Uhuru offers a wide variety of IoT products and solutions including enebular® IoT Orchestration Service.

Tier1Asset (T1A)

Tier1Asset (T1A)

T1A is Europe’s leading IT refurbisher. We offer certified data erasure using blancco on site and at our facilities, providing environmentally sound disposal of your used equipment.

X-Ways Software Technology

X-Ways Software Technology

X-Ways provide software for computer forensics, electronic discovery, data recovery, low-level data processing, and IT security.

Partnership for Conflict, Crime and Security Research (PaCCS)

Partnership for Conflict, Crime and Security Research (PaCCS)

PaCCS delivers high quality and cutting edge research to improve our understanding of current and future global security challenges in areas including cybersecurity.

Kaspersky Industrial CyberSecurity (KICS)

Kaspersky Industrial CyberSecurity (KICS)

Kaspersky addresses all the cybersecurity needs of industrial organizations in its Kaspersky Industrial CyberSecurity (KICS) portfolio.

IP2Location

IP2Location

IP2Location provide services to identify geolocation by IP address, and to detect IP addresses associated with anonymous proxy servers, which are often used for fraud and spamming purposes.

GrayMatter

GrayMatter

GrayMatter provides Advanced Industrial Analytics, OT Cybersecurity, Digital Transformation and Automation & Control services to clients across the U.S. and Canada.

FourNet

FourNet

FourNet is an award-winning provider of cloud and managed services; we work closely with our clients to enable digital transformation across their organisation.

ProjectDiscovery

ProjectDiscovery

ProjectDiscovery is an open-source, cybersecurity company that builds a range of software for security engineers and developers.

Custom Computer Specialist (CCS)

Custom Computer Specialist (CCS)

CCS offers an extensive range of services including cybersecurity solutions, consulting, implementation, and support to help our clients maximize the value derived from IT investments.

InfoTrust

InfoTrust

InfoTrust is a leading specialised cybersecurity practice that combines a customer-first consulting approach with next-generation security solutions.

Runecast Solutions

Runecast Solutions

Runecast Solutions is a global leader in AI-powered risk mitigation, security, continuous compliance and more efficient IT operations management.

Federal Office for the Protection of the Constitution (BfV)

Federal Office for the Protection of the Constitution (BfV)

The Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz - BfV) is the domestic intelligence services of the federal government of Germany.