Uber agreed to settle a U.S. investigation that found the ride-hailing company deceived consumers by failing to protect their sensitive data.
The settlement with the Federal Trade Commission, which doesn’t require Uber to pay a monetary penalty, resolves claims the company misrepresented that consumer information was secure.
The agreement, announced Tuesday, follows a 2014 data breach that exposed names and license numbers of thousands of drivers.
“Companies must honor their promises about how they’re going to protect consumers’ information,” FTC Acting Chairman Maureen Ohlhausen said on a conference call with reporters.
“It doesn’t matter whether you’re a fast-growing company like Uber, a long-established brick-and-mortar company, an app developer or a behind-the-scenes entity like a data broker.”
The settlement comes as Uber is trying to move beyond a tumultuous period in which co-founder Travis Kalanick was ousted in June as chief executive officer following accusations that the company created a hostile environment for female employees under his leadership.
Uber is also battling a lawsuit with Alphabet Inc.’s self-driving car business and a probe by the U.S. Justice Department over the use of technology to deceive government officials.
Uber didn’t immediately respond to an email seeking comment about the FTC case.
Under the agreement with the FTC, Uber is required to implement a “comprehensive privacy program” that protects the confidentiality of personal information it collects.
The company must also undergo regular third-party audits for 20 years, certifying that it has a privacy program that meets the FTC’s requirements.
After news reports that employees were improperly accessing consumer data, Uber said in November 2014 that it had a strict policy prohibiting workers from accessing information about customers or drivers.
The company developed an automated system for monitoring employee access in December 2014 but stopped using it less than a year after it was put in place, according to the agency.
The second part of the FTC’s case stemmed from Uber’s claim that it securely stored consumer information in databases.
The company failed to provide “reasonable security” to prevent unauthorized access to that information, which led to the breach in 2014, the FTC said.