Penalty Amount
$148,000,000
Uber Technologies, Inc. agreed to pay $148 million to settle a multi-state investigation into a data breach that compromised personal information of riders and drivers. The breach occurred in November 2016 but was not disclosed until November 2017. Uber must adopt new policies to safeguard consumer data.
Uber must pay $148 million and implement new policies and procedures to protect personal information.
In-house legal teams should review all agreements involving data handling, including vendor contracts with third-party service providers (e.g., GitHub, AWS), customer and driver agreements for data consent and usage, and employee or contractor agreements for access controls. Specific clauses to scrutinize are data security standards, breach notification requirements with explicit timelines, incident response procedures, data retention schedules, and compliance with state privacy laws. Changes may be needed to strengthen security obligations, mandate prompt breach disclosure (e.g., within 72 hours), include regular security audits and penetration testing, ensure data encryption, and align with evolving state data protection regulations to avoid delayed reporting like in this case.
Entity
Uber Technologies, Inc.
Also known as: Uber
Industry
TechnologyOfficial Press Release
https://www.njoag.gov/ag-grewal-announces-historic-settlement-resolving-uber-data-breach-n-j-to-receive-3-75-million-share-of-largest-multi-state-data-breach-settlement-to-date/
New Jersey Attorney General Enforcement Page
https://www.njoag.gov/about/divisions-and-offices/division-of-consumer-affairs/
"Uber Technologies, Inc."
"total of $148 million"
"state laws relating to the collection, maintenance and safeguarding of consumers’ personal information"
"state data breach notification laws"
"the personal information of Uber riders and drivers, including names, e-mail addresses and mobile phone numbers associated with rider accounts throughout the U.S., and the names and driver’s license numbers of approximately 600,000 Uber drivers."
"The data breach occurred in November 2016, but was not disclosed by Uber until a year later, in November 2017."
$148.0M
Uber Technologies, Inc. settled for $148 million over a 2016 data breach that exposed 57 million users' personal information. The company was accused of covering up the breach by paying hackers and failing to notify authorities or affected drivers as required by law. The settlement includes a large penalty and mandates robust data security practices, privacy-by-design integration, and regular reporting to prevent future incidents.
$100K
New Jersey Attorney General Jennifer Davenport and the Division of Consumer Affairs announced a Consent Order with King Distribution LLC and 17 related retail smoke shops, resolving allegations that the companies illegally sold flavored vapor products in violation of New Jersey’s consumer protection laws. The Consent Order imposes a $100,000 civil penalty, requires reimbursement of $22,279 in investigation costs, and prohibits the companies from selling or distributing flavored vapor products in New Jersey. The enforcement action is part of New Jersey’s ongoing efforts to protect youth from flavored vape products, which have been permanently banned in the state since January 2020.
The New Jersey Bureau of Securities issued a Cease and Desist Order on April 30, 2026, against Titan Macro Finance for operating an investment fraud scheme via WhatsApp and Instagram that defrauded at least one New Jersey investor of $64,000. The scheme involved unregistered broker-dealer activity, fake trading profits, and undisclosed fees to access investor funds. The action was coordinated with the California Department of Financial Protection and Innovation, which issued a similar order against the entity for violating California’s Commodity Code.
New Jersey Attorney General Jennifer Davenport and the Bureau of Securities issued a public warning to state residents about fraudulent investment schemes proliferating on Meta-owned platforms including Facebook, Instagram, and WhatsApp. The alert details common scam tactics such as pump-and-dump schemes, confidence scams, and fraudulent cryptocurrency offerings, and provides tips for residents to avoid victimization. No enforcement action against any entity was announced in this release.
New Jersey Attorney General Jennifer Davenport led a bipartisan coalition of 27 state attorneys general in submitting a comment letter to the Federal Trade Commission urging federal rulemaking to regulate hidden and deceptive rental housing fees. The AG also issued guidance clarifying New Jersey’s new $50 rental application fee cap, effective May 1, 2026, warning that deceptive fee practices may violate the New Jersey Consumer Fraud Act. No specific enforcement action against a named individual entity was announced, with enforcement of the fee cap set to begin May 1, 2026.
$2.0M
New Jersey Attorney General Jennifer Davenport announced a multistate settlement with NCL Bahamas, Ltd. (Norwegian Cruise Line) resolving allegations of deceptive sales practices and unfair cancellation, refund, and future cruise credit policies during the COVID-19 pandemic. The settlement requires NCL to pay $2 million to participating states, implement employee training and management approval processes for sales communications during disasters, and prohibits deceptive sales statements and prioritizing sales over consumer health and safety. NCL has already issued over $3 billion in refunds and future cruise credits to consumers nationwide related to the underlying allegations.