Uber settles 2016 data breach with cover-up admission

Uber has entered a deal with the U.S. Department of Justice to avert any prosecution related to a massive data breach in 2016 by declaring efforts to cover up the incident that has compromised sensitive data from 57 million users and drivers, The Verge reports. Uber "admits that its personnel failed to report the November 2016 data breach to the [Federal Trade Commission] despite a pending FTC investigation into data security at the company," noted a release from the Justice Department. Stolen credentials have been leveraged by attackers to compromise Uber's private source code repository and secure a proprietary access key, which was then used to steal data from nearly 57 million users and 600,000 driver's license numbers but the breach was only disclosed by the company a year after the incident. Uber noted that it had paid $100,000 to its attackers. The Justice Department said that Uber will no longer be prosecuted after deciding to disclose the breach as well as inform the FTC regarding any future attacks. Uber has also settled the civil suit related to the attack for $148 million, according to the settlement.