Technologist - The FindLaw Legal Technology Blog

South Dakota Gets $500K+ in Uber Data Breach Settlement

While Uber may still not even be operating in the state of South Dakota, that didn't stop the state from getting its piece of the Uber data breach settlement pie.

The settlement stems from a 2016 data breach where hackers stole private information for 600,000 Uber drivers, then ransomed that information back to the company. Unfortunately for the company, not disclosing the data breach until 2017 led to public outrage, and, not to mention, several states filing lawsuits resulting in the $148 million settlement.

SD Drivers Get No Pie

Interestingly, though Uber hasn't moved into South Dakota yet, the state still had 71 Uber drivers living there whose data was compromised in the 2016 breach. Pursuant to state law, those data breaches needed to be disclosed within 60 days. And though there were less than 100 Uber drivers in the state subject to the breach, the state's will receive $573,000.

South Dakota law imposes civil penalties of $2,000 per "deceptive act" as well as a $10K per day fine for each day a defendant fails to notify the public about such a data breach. Sadly for those 71 drivers in the state, they won't see any of the settlement. The money will go to the state's attorney general's office.

Uber drivers in other states more substantially affected may be a little bit luckier. For instance, in Ohio, Uber drivers whose information was compromised will receive a $100 payment (out of the state's $5.6 million portion of the $150 million settlement).

Uber Mistake

When this data breach was initially reported in November 2017, Uber had known about it for a year. Making matters even worse for the tech giant, Softbank was in the process of negotiating a substantial investment into Uber. As a result of the breach, Softbank's valuation of the company changed, and their offer decreased by nearly 30%.

Related Resources: