Uber to pay $2.2 million to its Washington drivers over 2016 data breach

State Attorney General Ferguson announces settlement

  • Wednesday, September 26, 2018 12:27pm
  • News
Bob Ferguson

Bob Ferguson

State Attorney General Bob Ferguson announced Wednesday he will return more than $2.2 million to Uber drivers affected by a November 2016 data breach at the international ride-sharing company.

The money for drivers is part of approximately $5.79 million Uber will pay for violating Washington state’s data breach notification law and for failing to adequately safeguard the personal data of Uber drivers, according to a State Attorney General’s Office news release. The breach affected more than 57 million drivers and passengers worldwide, including nearly 13,000 Uber drivers in Washington. Uber waited more than a year before it revealed the breach publicly or notified the Attorney General’s Office. Most Washingtonians who drove for Uber in 2013 and 2014 will each receive $170.

The judgment, filed Wednesday in King County Superior Court, resolves a lawsuit Ferguson filed against Uber in November of 2017 as well as an investigation into Uber’s data security practices.

The judgment is part of a joint resolution by all 50 states and the District of Columbia related to the company’s November 2016 data breach.

“Uber kept this massive data breach secret for more than a year, and jeopardized the personal information of thousands of drivers,” Ferguson said in the news release. “Uber’s conduct was inexcusable and unlawful.”

Washington received a larger share of the nationwide $148 million settlement because Ferguson sued Uber in November of 2017 for failing to notify affected drivers and the Attorney General’s Office. Washington was one of just a small number of states that sued Uber over its conduct related to the data breach prior to the multistate resolution.

In November 2016, an individual contacted Uber claiming he had accessed Uber’s user information. Uber investigated and confirmed that person and one other individual had in fact accessed the company’s files, including obtaining the names and driver’s license numbers of more than 7 million drivers for the company around the world, including nearly 13,000 in Washington state. The hacker also obtained the login, encrypted password, and some geolocation information for nearly 50 million riders worldwide.

Under an amendment to Washington’s data breach notification law requested by Ferguson in 2015, consumers and the state must be notified within 45 days of a breach of “personal information,” which means an individual’s first name or first initial and last name in combination with a Social Security Number, driver’s license or Washington identification card number, or account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.

Despite the law, Uber failed to notify the Attorney General’s Office until Nov. 21, 2017 — more than 370 days after it learned of the breach. The company admitted to paying the hackers to hide the breach and destroy the stolen data.

In addition to paying Washington state for its violations, Uber is required to develop, implement, and maintain a comprehensive information security program that adequately protects personal information of riders and drivers. The company is also required to provide an independent assessment of the program’s effectiveness to the Attorney General’s Office every two years for the next decade.

The Attorney General’s Office will hire a claims administrator, who will reach out to affected drivers. The affected drivers drove for Uber in 2013 and 2014. Affected drivers will receive notification from the claims administrator; there is no need to file a claim. Drivers do not need to contact the Attorney General’s Office.

Only drivers whose drivers’ license information was accessed during the breach will be eligible. Eligible Washington drivers will receive $170. Uber has already notified affected drivers by mail or email, and has offered them free credit monitoring and identity theft production.


Talk to us

Please share your story tips by emailing editor@kentreporter.com.

To share your opinion for publication, submit a letter through our website https://www.kentreporter.com/submit-letter/. Include your name, address and daytime phone number. (We’ll only publish your name and hometown.) Please keep letters to 300 words or less.

More in News

t
Kent-based UTOPIA Washington partners with Seattle nonprofit

HealthierHere announces 4 new partnerships to help residents get essential health and social services

t
King County buys building for new Kent animal shelter

Plans to close current site in Kent and move 2 miles north in 2027 at cost of $19.5 million

Courtesy Photo, Kent Cornucopia Days
Street list closure for Kent Cornucopia Days

Downtown streets to close Thursday evening, July 10 through Sunday night, July 13

COURTESY PHOTO, ShoWare Center
The city-owned accesso ShoWare Center in Kent continues to lose money, including about $2.5 million over the last three years.
City of Kent-owned ShoWare Center loses $1 million in 2024

Record-high operating loss since arena opened in 2009; city covers losses from its general fund

Kent Police officers examine a black 2013 Chevrolet Camaro after it crashed July 7 into a day care facility along East Smith Street. COURTESY PHOTO, Puget Sound Fire
Man, 42, could face vehicular assault charge in Kent crash

Federal Way man driving westbound down Smith hill when Chevy Camaro crashed into building

File Photo, Kent Reporter
Kent Police Blotter: June 23 to July 5

Incidents include construction site burglary, cable wire theft, rock thrower

t
City of Kent receives two state grants for park projects

Awards of $939,600 and $500,000 from Washington Wildlife and Recreation Program

t
Two people in car injured in Kent after crash into building

Incident at about 1:38 a.m. Monday, July 7 at day care facility along East Smith Street

t
Kent once again a Sister City with El Grullo, Mexico

Both cities reaffirm their commitment to strengthening partnership at Kent City Hall gathering

(File photo)
Fourth of July weekend weather in King County

Expect mostly sunny and warm weather for the Fourth of July weekend… Continue reading

t
Kent man, 22, charged in May 27 Auburn shooting

Documents allege that the suspect, along with others, ambushed Keivon Bias, 21.

Washington State Patrol Trooper Christopher Gadd’s mother Gillian Gadd, left, comforts his wife Cammryn Gadd during the sentencing hearing at the Snohomish County Courthouse for Raul Benitez Santana on Wednesday, July 2, 2025 in Everett, Washington. (Olivia Vanni / The Herald)
Man sentenced for death of Washington State Patrol trooper

Will serve more than 10 years for vehicular homicide for death of Christopher Gadd, a Kentlake High graduate