Ride-hailing giants uber have agreed to "expand" the terms of its original settlement with the FTC (Federal Trade Commission) which was made in August 2017 surrounding allegations that it made deceptive claims about its privacy and data security.
In the original settlement Uber agreed to 20 years of audits and for a new privacy program to be introduced, but following the revelations in November 2017 that hackers stole data on 57 million users and drivers, the FTC decided to revisit the settlement to agree additional terms.
The data breach happened in October 2016 and was covered up for over a year. Uber admitted to paying the hackers $100,000 to delete the information they had stolen.
The new provisions in the revised proposed order include requirements for Uber to submit to the commission all the reports from the required third-party audits of Uber's privacy program rather than only the initial such report. It also must retain certain records related to bug bounty reports regarding vulnerabilities that relate to potential or actual unauthorised access to consumer data.
In a statement the Federal Trade commission said:
"After misleading consumers about its privacy and security practices, Uber compounded its misconduct by failing to inform the commission that it suffered another data breach in 2016 while the commission was investigating the company's strikingly similar 2014 breach.
"The strengthened provisions of the expanded settlement are designed to ensure that Uber does not engage in similar misconduct in the future"