Uber agrees to expanded FTC settlement after 2016 data breach

The FTC revisited the original agreement after it was revealed the ride-hailing company had covered up the breach for more than a year.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
2 min read

Uber will now have to provide to the FTC all reports from third-party audits. 

Sarah Tew/CNET

Uber has agreed to expand the terms of its settlement with the US Federal Trade Commission after announcing a major breach in 2017.

In a settlement with the FTC in August, the ride-hailing company agreed to 20 years of audits after allegations that it made deceptive claims about its privacy and data security. That original agreement also required Uber to start a new privacy program.

The FTC decided to revisit that settlement after the company announced in November that hackers stole data on 57 million users and drivers. The breach, which happened in October 2016, had been covered up for more than a year. Uber paid the thieves $100,000 to delete the information. 

"After misleading consumers about its privacy and security practices, Uber compounded its misconduct by failing to inform the Commission that it suffered another data breach in 2016 while the Commission was investigating the company's strikingly similar 2014 breach," acting FTC Chairman Maureen Ohlhausen said in a statement Thursday. 

Under the new terms of Uber's settlement with the FTC, the company will now be required to provide records of its bug bounty reports related to vulnerabilities affecting consumer data. It'll also have to provide to the FTC all reports from third-party audits, rather than just the first assessments, according to the new terms

"I am pleased that just a few months after announcing this incident, we have reached a speedy resolution with the FTC that holds Uber accountable for the mistakes of the past by imposing new requirements that reasonably fit the facts," Uber's chief legal officer, Tony West, said in a statement. 

CNET Magazine: Check out a sample of the stories in CNET's newsstand edition.

Cambridge Analytica: Everything you need to know about Facebook's data mining scandal.