PORTLAND, Ore. – Uber is facing a steep fine from the City of Portland after the company waited about a year before responding to a hack that compromised driver and passenger data.
The fine of $3,475,000 is for violating a city code that requires any data security breach be reported to the state and city.
The Uber data breach started in October 13, 2016 and ended November 15 of that year. During the breach 1391 Oregon Uber divers had their personal information disclosed.
Uber didn’t publically report the breach until November 22, 2017. The penalties increase from $1,000 for the first offence, to $1,500 for the second offence, and $2,500 for any following offences. The nearly $3.5 million in fines was calculated for the 1391 drivers.
Uber is appealing the fines, and a hearing has been postponed until May 15.
In a public letter about the fine, the City mentioned Uber’s use of “Greyball” Software to avoid city regulators back in 2014.
