As part of a settlement with the US Department of Justice to avoid prosecution, Uber has admitted to covering up a massive cybersecurity attack that took place in October 2016 and exposed the confidential data of 57 million customers and drivers.
More on the story here: https://www.theverge.com/2022/7/25/23277161/uber-2016-data-breach-settlement-cover-up
“Back in 2016, virtually no state privacy-protection laws were enacted in the US contrasted to 2022, so Uber is paying such a hilariously small amount due to the then-existing legislative vacuum. If this happened today, even in the US – which still has no overarching federal privacy law contrasted to most other countries – the penalties would likely be significantly higher, let alone the EU with a multi-billion fines policy in place to enforce GDPR.
This settlement, however, does not shield Uber from private lawsuits by aggrieved parties. To avoid such undesirable situations, companies should take privacy and data breaches seriously, considering their duties and obligations under all applicable laws and regulations. Having a well-thought-out data breach response plan in place that would include, among other things, swift interaction with internal and external legal teams, media and investors, is crucial to minimize reputational and financial damage of unpreventable data breaches. The close collaboration of technical and legal experts is the next big thing in cybersecurity.”