DES MOINES, Iowa- Iowa's getting more than 600-thousand dollars, as part of a national settlement with Uber, the total settlement is 148-(M) million dollars.
States sued the ride-sharing company over its delay in reporting a data breach. Hackers gained information about Uber's drivers in November of 2016, but it took Uber a year to report the breach.
The Iowa Attorney General's office says nearly 400 Iowa drivers were affected.
The settlement requires Uber to take a number of steps:
Comply with Iowa data breach and consumer protection law regarding protecting residents’ personal information and notifying them in the event of a data breach concerning their personal information; Take precautions to protect any user data Uber stores on third-party platforms outside of Uber; Use strong password policies for its employees to gain access to the Uber network; Develop and implement a strong overall data security policy for all data that Uber collects about its users, including assessing potential risks to the security of the data and implementing any additional security measures beyond what Uber is doing to protect the data;Hire an outside qualified party to assess Uber’s data security efforts regularly and draft a report with any recommended security improvements. Uber will implement any such security improvement recommendations; and Develop and implement a corporate integrity program to ensure that Uber employees can bring any ethics concerns they have about any other Uber employees to the company, and that it will be heard.