Uber has agreed to pay a $20,000 fine to New York Attorney General Eric Schneiderman’s office for failing to report unauthorized third-party access to its drivers’ personal information in timely manner, BuzzFeed reports. Schneiderman is expected to announce the settlement tomorrow morning, according to BuzzFeed.
This settlement comes after a 14-month investigation by Schneiderman’s office that was prompted by reports of an Uber executive using the company’s “God View” tool to track a reporter without her permission. That investigation later expanded to include the data breach that exposed the information of 50,000 Uber drivers, which Uber discovered in September 2014. Uber, however, did not tell anyone about it until February 2015, and that’s ultimately what got Uber in trouble.
“By not providing notice to affected New York residents and the NYAG about the Data Breach in the “most expedient time possible and without unreasonable delay,” Uber 6 violated GBL § 899-aa(2). Uber did so knowingly or recklessly in violation of GBL § 899- aa(6)(a),” the settlement reads.
In a statement to TechCrunch, an Uber spokesperson said the following: “We are deeply committed to protecting the privacy and personal data of riders and drivers. We are pleased to have reached an agreement with the New York Attorney General that resolves these questions and makes clear our commitment to best practices that put our community first.”
Uber has also committed to continuing doing things like conducting annual privacy and security trainings, designating employees to supervise the privacy and security program, and limiting access to geo-location information only to employees with “a legitimate business purpose.”
Anyway, a $20,000 fine for Uber is not a big financial blow for the company, which has amassed around $10 billion in funding, and is on the verge of being valued as high as $64.4 billion.