Uber drivers in Maryland whose drivers license information was accessed in a 2016 data breach at the ride-sharing company will receive $100 each as part of a $148 million settlement with the states.
Maryland will receive a little more than $4.4 million as part of the multistate settlement with Uber Technologies Inc. related to its one-year delay in reporting a data breach involving drivers’ personal information, Maryland Attorney General Brian E. Frosh announced Tuesday.
Uber also agreed to strengthen its data security practices to help prevent another such breach in the future.
Uber first learned that hackers had accessed the drivers license information of roughly 600,000 of its drivers in November 2016. Instead of reporting the hack initially, Uber tracked down the hackers and paid them to delete the information. Uber didn’t report the breach until November 2017, despite laws in Maryland and elsewhere requiring prompt notification to both affected individuals and the attorney general.
“When personal information gets into the wrong hands because of a data breach, the chances of becoming a victim of identity greatly increase,” Frosh said in a statement. “A one year delay in reporting a data breach makes the danger even greater for the victims.”
A settlement administrator will be appointed to notify and pay eligible drivers.
All 50 states and Washington, D.C., participated in this agreement with Uber. Maryland had a seat on the executive committee that negotiated the settlement.