Sept. 27 (UPI) -- Ride-share giant Uber has agreed to pay nearly $150 million to settle charges related to its massive data breach two years ago that compromised riders' information.
The breach exposed 57 million email addresses and phone numbers belonging to riders and drivers in the United States, as well as the license numbers of 600,000 drivers. Wednesday's settlement with attorneys general in all 50 states resolves all claims nationwide.
The agreement settles charges that Uber knew about the October 2016 breach but spent $100,000 trying to cover it up and eliminate evidence. It requires the company to make a number of changes, including taking stronger security measures.
"This record settlement should send a clear message: we have zero tolerance for those who skirt the law and leave consumer and employee information vulnerable to exploitation," New York Attorney General Barbara Underwood, who led the national investigation, said in a statement.
Uber disclosed last November that it paid hackers to keep quiet about the breach and subsequently fired two executives who authorized the hackers' payments.
Uber Chief Legal Officer Tony West was hired to handle the case after the breach was eventually revealed.
"Our current management team's decision to disclose the incident was not only the right thing to do, it embodies the principles by which we are running our business today: transparency, integrity and accountability," West said in a statement. "We know that earning the trust of our customers and the regulators we work with globally is no easy feat. We'll continue to invest in protections to keep our customers and their data safe and secure."
Uber had already been dealing with difficulties before the breach became known. A year ago, Uber tabbed former Expedia CEO Dara Khosrowshahi to repair its public image. He ultimately discovered the breach and informed investors.
Uber has bolstered security in recent months, which included the hires of Ruby Zefo as chief privacy officer and Matt Olsen as chief trust and security officer.
The company also settled a separate data security complaint from the Federal Trade Commission that dated back to 2014.