Uber to pay $5.79 mn to Washington state for data breach

San Francisco: American ride-sharing giant Uber will pay about $5.79 million to drivers and passengers in Washington state for failing to notify them of possible leak of their personal information, Washington Attorney General (AG) Bob Ferguson’s office said on Wednesday.

Ferguson said he will return more than 2.2 million dollars to the Uber drivers affected by a November 2016 data breach at Uber.

The money is part of the $5.79 million package to be paid by Uber for “violating Washington state’s data breach notification law and for failing to adequately safeguard the personal data of Uber drivers,” the Washington AG Office said in a statement.

“The breach affected more than 57 million drivers and passengers worldwide, including nearly 13,000 Uber drivers in Washington,” it noted, adding that most Washingtonians who drove for Uber in 2013 and 2014 will each receive $170.

Uber acknowledged the breach reported in November 2016 when an individual contacted the company, claiming he had illegally accessed its user information, including the names and driver license numbers of more than 7 million drivers for the company around the world, including nearly 13,000 in Washington state.

The hacker also obtained the login, encrypted password, and some geolocation information for nearly 50 million riders worldwide.

Washington was one of a few states that sued Uber over its conduct related to the data breach prior to the multistate resolution, the AG Office said.

Washington received a larger share of the nationwide 148 million dollar settlement because Ferguson sued Uber in 2017 for the November 2016 data breach.

Ferguson has asked Uber to tighten protection of the personal information of its riders and drivers and provide an independent assessment about its security measures to the AG Office every two years for the next decade.

[source_without_link]IANS[/source_without_link]