An anonymous reader quotes a report from The New York Times: Uber will pay $148 million to settle a nationwide investigation into a 2016 data breach (Warning: source may be paywalled; alternative source), in which a hacker managed to gain access to information belonging to 57 million riders and drivers. The breach included names and driver’s license numbers for 600,000 drivers. Rather than disclosing the breach when it occurred, Uber paid the hacker $100,000 through its bug bounty program. […] The ride-hailing company persuaded him to delete the data and stay quiet about it with a nondisclosure agreement. The incident became public a year later when Uber’s chief executive, Dara Khosrowshahi, announced it as a “failure” and fired the two employees who had signed off on the payment.
Tony West, Uber’s chief legal officer, said the settlement was part of a larger effort inside Uber to remake the company’s image. He said the company had recently hired a chief privacy officer and a chief trust and security officer. The $148 million settlement announced Wednesday will be divided among all 50 states and the District of Columbia. “Companies in California and throughout the nation are entrusted with customers’ valuable private information,” Xavier Becerra, California’s attorney general, said. “This settlement broadcasts to all of them that we will hold them accountable to protect that data.”
Read more of this story at Slashdot.