Uber agrees to $148M settlement with states over data breach

According to a settlement Uber will pay $148 million and tighten data security after the ride-hailing company failed for a year to notify drivers that hackers had stolen their personal information.

Uber Technologies Inc. reached the agreement with all 50 states and the District of Columbia after a massive data breach in 2016. Instead of reporting it, Uber hid evidence of the theft and paid ransom to ensure the data wouldn't be misused.

Uber, whose GPS-tracked drivers pick up riders who summon them from cellphone apps, learned in November 2016 that hackers had accessed personal data, including driver's license information, for roughly 600,000 Uber drivers in the U.S. The company acknowledged the breach in November 2017, saying it paid $100,000 in ransom for the stolen information to be destroyed.

The hack also took the names, email addresses and cellphone numbers of 57 million riders around the world. Uber's chief legal officer Tony West says after significant management changes in the past year, the decision by current managers was "the right thing to do."

Jim Rondeau