The US Attorney’s Office of the Northern District of California published the press release that it entered in a non-prosecution agreement with Uber, which has admitted to concealing a massive data breach from six years ago. Uber settled any civil liability for USD 148m for all 50 States. As a result of the breach which occurred in 2016, hackers obtained access to the personal data of approximately 57 million user records. Allegedly Uber paid a USD 100k ransom not only to delete the hacked personal data but also to keep the breach hidden from regulators and the media. The agreement acknowledges the recent efforts from Uber’s management that “invested substantial resources to significantly restructure and enhance the company’s compliance, legal, and security functions”, and underlines that a 20-year agreement between Uber and the US Federal Trade Commission for the company to uphold a comprehensive privacy program and disclose any future consumer data breaches to the agency. Find the press release here.