Uber settles with DOJ for failing to disclose breach that exposed 57 million users' data

The incident dates back to 2016.

Andrew Kelly / reuters

Uber has officially accepted responsibility for hiding a 2016 data breach that exposed the data of 57 million passengers and drivers. On Friday, the company entered into a non-prosecution agreement with the US Department of Justice, reports Reuters. As part of the deal, Uber admitted it failed to inform the agency of the cyberattack. It also agreed to cooperate in the prosecution of former chief security officer Joe Sullivan who was fired by the company shortly after the incident came to light.

Uber did not immediately respond to Engadget’s request for comment. The company first revealed the details of the data breach in 2017. Instead of sharing what it knew about the incident with the government and users, the company paid hackers $100,000 to the delete the information and stay quiet. “None of this should have happened, and I will not make excuses for it,” said Dara Khosrowshahi, Uber’s then recently appointed CEO, at the time of the disclosure. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.” In 2018, Uber paid $148 million to settle allegations by US state attorneys general the company was too slow to disclose the incident.

Correction 07/25 5:20 PM ET: A previous version of this article mistakenly said Uber reached a non-prosecution agreement with the Federal Trade Commission. We regret the error.