Ride-hailing firm Uber is paying $148m (£113m) to settle legal action over a cyber-attack that exposed data from 57 million customers and drivers.
The massive breach happened in 2016 but Uber sought to hide it from regulators.
The company paid the hackers behind the intrusion $100,000 to delete the data they grabbed from Uber’s cloud servers.
The payment settles action brought by the US government and 50 states over Uber’s failure to disclose details of the data loss.
Uber revealed some information about the breach in November 2017 and admitted that it should have been more open about the attack.
“None of this should have happened, and I will not make excuses for it,” said Uber’s boss Dara Khosrowshahi at the time. Two security officials were fired for their handling of the incident.
The personal data from 57 million Uber accounts also included information about 600,000 driving licence numbers.
As well as paying the fine, Uber has also pledged to change how it operates, to prevent it falling victim in the same way again. It will also be required to submit regular reports on security incidents to regulators. .
Legal action brought by drivers, customers and the cities of Los Angeles and Chicago over the breach is still ongoing.