Uber has agreed to an expanded settlement with the Federal Trade Commission over claims that the ride-hailing company deceived customers about how it handled their data.
Uber will have to notify the FTC if customer data is exposed in any future incidents or hacks. Uber is not on the hook for any payments or fines under the agreement. However, if the company fails to notify the FTC of another breach, it could face civil penalties.
The FTC and Uber first hashed out a settlement last year over Uber's privacy practices related to a 2014 breach.
But Uber failed to disclose that data on 57 million users and drivers around the world had been exposed in a separate incident in 2016.
The company quietly paid the hackers responsible for taking the information $100,000 to delete the data. Uber claimed the payment was part of a program that rewards computer researchers for finding bugs.
The breach was made public in November 2017, during new CEO Dara Khosrowshahi's first week on the job.
The FTC said the expanded settlement seeks to ensure Uber "does not engage in similar misconduct again."
"After misleading consumers about its privacy and security practices, Uber compounded its misconduct by failing to inform the Commission that it suffered another data breach in 2016 while the Commission was investigating the company's strikingly similar 2014 breach," acting FTC chairman Maureen Ohlhausen said in a statement.
Under the expanded settlement, all third-party audits of Uber's privacy program will be sent to the FTC. The agreement will be posted publicly and open to comment for 30 days, after which the FTC can make it official.
"I am pleased that just a few months after announcing this incident, we have reached a speedy resolution with the FTC that holds Uber accountable for the mistakes of the past by imposing new requirements that reasonably fit the facts," Uber Chief Legal Officer Tony West said in a statement.
- FTC to keep Uber on short leash over hacks
- Uber accused of espionage, hacking and bribery in bombshell letter
- Facebook data practices under investigation, FTC confirms
- FTC cracks down on fake charities for veterans
- Facebook could be in hot water with the FTC — again
- McCaskill: Attempted hacking 'not successful'
- Marriott's guest reservation system hacked
- Corrections officer drives Uber
- Bitcoin exchange goes bust after hack
- Hugh Grant settles phone-hacking case