The ride-sharing company then paid the hacker, whose identity has not been confirmed by news sources, $100,000 — unreported to authorities and in silence — to destroy all previously stolen information by using what's called a "bug bounty" program, according to a report by Reuters.
The report continues:
Uber announced on Nov. 21 that the personal data of 57 million users, including 600,000 drivers in the United States, were stolen in a breach that occurred in October 2016. ... But the company did not reveal any information about the hacker or how it paid him the money.
Uber made the payment last year through a program designed to reward security researchers who report flaws in a company’s software, these people said. Uber’s bug bounty service - as such a program is known in the industry - is hosted by a company called HackerOne, which offers its platform to a number of tech companies.
According to a statement from Florida attorney general Pam Bondi's office released late last week, 32,000 of the aforementioned drivers who were vulnerable to the data breach are based in Florida.
"Uber's delay to provide timely notice to affected individuals is inexcusable," Bondi says in the release. "I have always been a strong advocate for Uber's innovative technology, but if these revelations prove true, I am disgusted by this cover-up and Uber will be held accountable."
Bondi's office soon thereafter filed a subpoena to the tech giant with the intention of learning more about the cover-up.
In step with Florida law, the data breach should have been reported to Bondi's office within 30 days.