Hackers obtained personal information for around 57 million Uber customers and drivers in October 2016 and in response, the company paid those behind the attack $100,000 to delete the data and keep quiet. The Federal Trade Commission initiated an investigation after the news came to light, later adding more provisions to an earlier settlement it made with the company over inadequate data safeguards.
"Uber's decision to cover up this breach was a blatant violation of the public's trust," California Attorney General Xavier Becerra said in a statement. "The company failed to safeguard user data and notify authorities when it was exposed. Consistent with its corporate culture at the time, Uber swept the breach under the rug in deliberate disregard of the law."
Along with the fine, Uber has agreed to more rigorous data security and breach notification practices as well as outside assessments of its data security efforts.