Hawaii and the other 49 states plus the District of Columbia have reached an agreement with Uber over the company’s delay in reporting a data breach to its affected drivers.
According to the Hawaii Office of Consumer Protection, Uber learned in November 2016 that hackers gained access to personal information about its drivers, including drivers’ license information for about 600,000 drivers nationwide. Uber said it tracked down the hackers and was assured the hackers deleted the information. Hawaii law required Uber to notify affected Hawaii residents. However, the state says Uber waited until November 2017 to report it.
“Hawaii law is clear, once a security breach is discovered, a company must provide notification without ‘unreasonable delay’ to both affected persons and the Office of Consumer Protection,” Executive Director Stephen Levins said.
As part of the nationwide settlement, Uber has agreed to pay $148 million to the states. Hawaii will receive approximately $700,000. In addition, Uber has agreed to strengthen its corporate governance and data security practices to help prevent a similar occurrence in the future.