, | September 28, 2018

Compliance 101 – Uber has to pay $148 million for its 2016 data breach/coverup

Hackers in 2016 stole personal data for tens of millions of Uber users (and also drivers). Uber didn’t report the breach and decided to pay two hackers (one of them a 20-year old Floridian) $100K on HackerOne to stay quiet and delete the data.

HackerOne, btw, is described as “the most trusted hacker-powered security platform”, with HackerOne:

  • Response (a compliant process for receiving/acting on vulnerabilities discovered by third parties)
  • Challenge (improving pen-test results with a project-based vulnerability assessment program)
  • Bounty (a private, fully-managed bug bounty program for continuous coverage)

HackerOne receives an IRS W9 or W8BEN forms before payments can be made, and Reuters reported on Uber making payments to the Florida hacker on the platform.

All 50 states and D.C. filed a lawsuit and yesterday the California attorney general announced a settlement of $148 million with the company. Uber also agreed to strengthen its cybersecurity infrastructure and provide updates to the states on a quarterly basis.

Tony West, Uber’s CLO, joined once the prior chief security officer was fired, handled the cleanup process. The company said that the hackers had targeted third-party cloud-based services. Uber still has to deal with private party lawsuits and those of some specific cities.

A lot of important lessons on cybersecurity, compliance setups for financial services providers and the growing importance of Artificial Intelligence.

We discussed AI and cybersecurity/cryptocurrency issues in our most recent CSI roundtable in NY.

Share this post.


Daniel Enskat

Daniel has written over a dozen books on the global asset management industry and has lectured at universities around the world alongside speakers such as Secretary of State John Kerry, Dr. Mark Mobius, ex-Fed Chairman Alan Greenspan, Professor KC Chan and former Prime Minister Gerhard Schroeder.

He is widely sought after for presentations, discussions and his perspective on the global asset management industry, and in the last two decades has advised hundreds of investment management CEOs on strategy and global expansion.

Scroll to Top