Iowa Attorney General, Uber, reach settlement over data breach

Iowa Attorney General Tom Miller and other attorneys general have reached a group agreement with Uber in response to a delay in the ride-hailing company's reporting of a data breach to drivers.

According to a Wednesday news release, Miller and attorneys general from 49 states and the District of Columbia reached a $148 million nationwide settlement on the breach. In the agreement, Iowa is set to receive nearly $613,000, which will go to the state's Consumer Education and Litigation Fund.

In 2016, California-based Uber learned that hackers had gained access to personal information the company maintains for the company's roughly 600,000 drivers nationwide, the release states.

Uber obtained assurances that the hackers had deleted the information, including driver's license numbers, but failed to notify affected Iowa residents in a timely manner, which violates Iowa's Consumer Fraud Act. Uber officials notified affected drivers in November 2017, about a year later, the release states.

About 390 Iowa drivers were affected by the breach, with Uber offering drivers free credit monitoring and identity theft protection.

'Failing to report data breaches as soon as possible can harm consumers,” Miller said in a Wednesday news release. 'If notified, consumers can take actions such as monitoring and freezing their credit reports to prevent identity theft.”

In a settlement filed Wednesday, Uber must take precautions to protect user data, use strong password policies for its employees, implement a strong overall data security policy and hire an outside qualified party to assess Uber's data security efforts.

l Comments: (319) 398-8309; mitchell.schmidt@thegazette.com