From a News Release by WV Attorney General Patrick Morrisey
CHARLESTON — West Virginia Attorney General Patrick Morrisey reached a $148 million, multistate settlement with Uber to address the ride-sharing company’s one-year delay in reporting a data breach to its affected drivers.

West Virginia will receive approximately $592,800 from the nationwide settlement, which also requires Uber to strengthen its corporate governance and data security practices among other requirements aimed at preventing a similar occurrence in the future.
“Every entity must work to ensure it protects data collected from its consumers, clients and employees alike,” Attorney General Morrisey said. “Every entity, regardless of its size, must realize hackers are relentless and therefore make data security a top priority and promptly notify those affected when an unauthorized intrusion occurs.”
The settlement stems from Uber’s failure to promptly report a data breach it discovered in November 2016.
The breach allowed hackers to gain access to some personal information that Uber maintains about its drivers, including license information pertaining to approximately 600,000 drivers nationwide.
Uber tracked down those responsible and obtained assurances that the hackers deleted the information, however the drivers’ license numbers and other information triggered laws requiring the company to notify those affected. Uber failed to report the incident until November 2017.
The settlement between West Virginia and Uber requires the company to: All 50 states and the District of Columbia participated in this multistate agreement with Uber, a California-based company also known as Uber Technologies Inc.