The ride-hailing service Uber has agreed to pay $148 million to settle claims that it concealed a massive data breach that exposed personal information of drivers and customers.
In November 2016, Uber learned that hackers had accessed personal data of about 600,000 Uber drivers, including their driver’s license numbers. Hackers also had stolen email addresses and cellphone numbers of 57 million riders worldwide.
The claims, filed in every U.S. state and the District of Columbia, said rather than inform the drivers involved, Uber hid the breach for more than a year and paid ransom to ensure the data wouldn’t be misused.
“This is one of the most egregious cases we’ve ever seen in terms of notification; a yearlong delay is just inexcusable,” Illinois Attorney General Lisa Madigan told The Associated Press.
Uber’s chief legal officer, Tony West, said the decision to come clean about the hack was made after major management changes at the company.
“It embodies the principles by which we are running our business today: transparency, integrity and accountability,” West said.
Each state will receive a part of the settlement based on how many drivers they have. Most states estimate each affected Uber driver will receive about $100.