Hawaii will receive about $700,000 as part of a $148 million nationwide settlement with California ride-sharing service Uber Technologies Inc. due to its delay in reporting that hackers had accessed the private information of some 600,000 drivers.
After tracking down the hackers Uber said it was assured the information was deleted. However, there was a one-year delay in informing drivers nationwide about the breach.
“This is a message to Uber and others that once a security breach is detected, the victims and law enforcement must be informed as soon as possible. Uber’s unreasonable delay of a year in alerting its affected drivers and law enforcement authorities is particularly appalling. Security breach laws exist to protect consumers, not a company’s reputation,” said Stephen Levins, executive director of the state Office of Consumer Protection, in a news release. “Hawaii law is clear, once a security breach is discovered, a company must provide notification without ‘unreasonable delay’ to both affected persons and the Office of Consumer Protection.”
As part of the settlement, Uber has agreed to strengthen data security and notify Hawaii residents in the event of a future breach involving personal information and take precautions to protect information stored by third parties; in addition to other requirements.
The settlement includes all 50 states and the District of Columbia.