Uber has agreed to pay a $20, 0000 penalty in a settlement with New York Attorney General Eric T. Schneiderman for delays in informing drivers of a data breach involving their personal information in 2014. Uber notified Schneiderman's office on Feb. 26, 2015 that driver names and license numbers were accessed by an unauthorized third party in a data breach that was discovered as early as September 2014.
"Uber also collects the geographic location of riders and drivers in real time," according to the statement from Schneiderman's office. But Uber has now agreed under the settlement "to maintain and store GPS-based location information in a password-protected environment, and encrypt the information when in transit."
The company has also agreed to take measures like limiting access to geo-location information to certain employees with a legitimate business purpose, and having technical access controls.
Uber could not be immediately reached for comment on the announcement of the settlement.