Uber was waiting for about one year before revealing the breach, according to US attorney Stephanie Hinds.
Uber Technologies on Friday accepted the responsibility of hiding a 2016 data breach which affected 57 million customers and drivers under a written agreement deal with US prosecutor to stay clear of criminal charges.
By signing a non-prosecution contract, Uber admitted that its staff did not reveal the hacking in November before the US Federal Trade Commission despite the fact that the agency was already conducting an investigation into Uber’s security of data.
US Attorney Stephanie Hinds in San Francisco stated that Uber had waited for about an entire year before reporting the breach after it had installed new leadership that “established an uncompromising leadership style emanating from top” about the ethics of compliance and.
The company based in San Francisco is also cooperating with investigation of an ex-security chief, Joseph Sullivan, over the alleged involvement in hiding the hacking.
Uber has not yet responded to requests for comments.
Sullivan was indicted initially on September 20, 2020. Prosecutors claimed Sullivan was able to pay hackers $100,000 (roughly the equivalent of. the sum of 79,893,350) by Bitcoin and then have their signatures on nondisclosure contracts in which they did not accurately state that they hadn’t stolen any data.
Uber had a bounty program that was designed to reward security researchers who find flaws, but not to cover data thefts.
In September of 2018, Uber paid $148 million (roughly 1182 crore rupees) to settle claims. 1 182 million) to settle claims made by the 50 US states as well as Washington, D.C., that the company was slow to report the hacking.
Uber shares fell by 93 cents to $23.30 (roughly the equivalent of Rs. 1,800) on Friday. The agreement on non-prosecution was made public just after US markets had shut down.