The state will reap $600,000 from a settlement with the rideshare company Uber, the Vermont attorney general’s office announced this week.
All 50 states and the District of Columbia are sharing a total settlement of $148 million, after the company failed to report a November 2016 data breach until a year later.
During the breach, hackers gained access to personal information belonging to 600,000 Uber drivers, including license information, according to the attorney general’s office. Under the settlement, Uber drivers operating in Vermont at the time of the breach will receive $100 payments.
Vermont law requires businesses to notify the attorney general within 14 days of a security breach, and consumers no more than 45 days after a breach, the settlement says. The attorney general’s office says the company failed to report the breach in a timely manner, waiting until November 2017.
“We understand that security breaches happen, and we generally work with businesses to make sure consumers are notified,” Attorney General TJ Donovan said in a statement. “If a business fails to report a data breach in a timely manner, however, we take that very seriously.”
In a statement, Uber’s chief legal officer Tony West said the company is taking responsibility for its past mistakes.
“We know that earning the trust of our customers and the regulators we work with globally is no easy feat,” West said. “We’ll continue to invest in protections to keep our customers and their data safe and secure, and we’re committed to maintaining a constructive and collaborative relationship with governments around the world.”