September 26, 2018
LANSING – Michigan Attorney General Bill Schuette today announced that he, along with the other 49 states and the District of Columbia, has reached an agreement with California-based ride-sharing company Uber Technologies, Inc. (Uber) to address the company’s one-year delay in reporting a data breach to its affected drivers.
As part of the nationwide settlement, Uber has agreed to pay $148 million to the states. Michigan will receive $1,803,472.49. In addition, Uber has agreed to strengthen its corporate governance and data security practices to help prevent a similar occurrence in the future.
“Companies have a responsibility to be upfront and transparent with their customers, employees, and stakeholders,” said Schuette. “Uber failed to do that and now they are seeing the consequences of their actions.”
Uber learned in November 2016 that hackers had gained access to some personal information that Uber maintains about its drivers, including drivers’ license information pertaining to approximately 600,000 drivers nationwide. Uber tracked down the hackers and obtained assurances that the hackers deleted the information. However, even though some of that information, namely drivers’ license numbers for Uber drivers, triggered Michigan law requiring them to notify affected Michigan residents, Uber failed to report the breach in a timely manner, waiting until November 2017 to report it.
Michigan will provide each Uber driver impacted in the state with a $100 payment. Eligible drivers are those drivers whose driver’s license numbers were accessed during the 2016 breach. Some of those drivers may not still be driving for Uber today. A settlement administrator will be appointed to provide notice and payment to eligible drivers.
The settlement between the state of Michigan and Uber requires the company to:
All 50 states and the District of Columbia are participating in this multi-state agreement with Uber.