In short: California Attorney General Xavier Becerra and San Francisco District Attorney George Gascón announced a settlement with Uber over the company’s 2016 data breach, with the startup agreeing to pay $148 million to multiple states whose citizens were affected by the ordeal. As part of the same agreement, Uber pledged to improve its cybersecurity practices, investing additional resources so as to minimize the chances of its users and drivers being compromised again. The company has yet to provide a comment on the matter but is unlikely to issue anything but a generic statement in response to the development.
Background: The 2016 data breach, conducted by two people, was aimed at Uber’s cloud provider and not the company’s own infrastructure. It compromised approximately 57 million users around the world and wasn’t publicly disclosed, which led to a wide variety of lawsuits against the San Francisco, California-based company. The ordeal was revealed late last year and has prompted an ouster of former Chief Security Officer Joe Sullivan, which was one of the first management changes made by Chief Executive Officer Dara Khosrowshahi who replaced Travis Kalanick last summer. Uber handled the original hack by paying $100,000 to its attackers in exchange for having the stolen data deleted. The transaction was officially made by its bug bounty program, prompting harsh criticism from a number of advocacy groups and government officials who described the move as a cover-up.
Impact: The latest turn of events marks the end of one of Uber’s last high-profile legal battles and paves the way for the company’s 2019 initial public offering that it’s trying to organize with as clean of a slate as possible. The development comes just hours before a Senate committee is scheduled to hold a hearing on digital privacy in the United States which will be attended by officials from Google, Amazon, Apple, and Twitter, though Uber won’t be represented at the happening.