Uber will pay $148 million in connection with a 2016 data breach and cover-up

  • The breach, revealed last year, granted hackers access to the personal information of 57 million riders and drivers.
  • Uber paid the hackers $100,000 to delete the data and keep the breach quiet, rather than report the incident.
Dara Khosrowshahi, CEO, Uber 
Carlo Allegri | Reuters
Dara Khosrowshahi, CEO, Uber 

Uber has agreed to pay $148 million in connection with a 2016 data breach and subsequent cover-up, according to the California Attorney General's office.

The breach, revealed last year, granted hackers access to the personal information of 57 million riders and drivers. The company concealed the hack for more than a year, Uber CEO Dara Khosrowshahi said in statement at the time.

Uber paid the hackers $100,000 to delete the data and keep the breach quiet, rather than report the incident.

"Uber's decision to cover up this breach was a blatant violation of the public's trust. The company failed to safeguard user data and notify authorities when it was exposed. Consistent with its corporate culture at the time, Uber swept the breach under the rug in deliberate disregard of the law," California Attorney General Xavier Becerra said in a statement.

Hackers stole personal information, including names and driver's license numbers of around 600,000 drivers in the U.S., rider names, email addresses and mobile phone numbers.

"We know that earning the trust of our customers and the regulators we work with globally is no easy feat," Uber's Chief Legal Officer Tony West said in a statement. "We'll continue to invest in protections to keep our customers and their data safe and secure, and we're committed to maintaining a constructive and collaborative relationship with governments around the world."

The $148 million will be distributed in varying amounts across the states and Washington, D.C.

— Reuters contributed to this report.