Uber will pay $148m for failing to disclose a massive data breach in 2016.
The settlement follows a 10-month investigation into a data breach that exposed personal data from 57m Uber accounts, including 600,000 driver’s license numbers. Instead of reporting the breach, Uber hid evidence of the theft and paid $100,000 ransom to hackers to ensure the data wouldn’t be misused.
Xavier Becerra, California’s attorney general, called the cover-up “a blatant violation of the public’s trust”.
“The company failed to safeguard user data and notify authorities when it was exposed. Consistent with its corporate culture at the time, Uber swept the breach under the rug in deliberate disregard of the law,” Becerra said.
The company has now reached the agreement with all 50 states and the District of Columbia.