Thousands of Oklahoma Uber drivers affected by the 2016 data breach will receive money from a settlement agreement, the state attorney general's office said.

The attorney general's office will give $100 to 4,655 drivers from a national settlement from Uber.

The $148 million settlement comes from all 50 states and the District of Columbia investigated Uber for failing to report a breach within a reasonable amount of time, violating every state's law regarding data breaches and notification timelines.

The breach affected drivers' personal information including drivers' license information, though there is no evidence the stolen data has been misused, the attorney general's office reported.

"Uber broke Oklahoma law, violated the trust of its employees and then tried to hide it," Attorney General Mike Hunter said. "This type of corporate misconduct is unacceptable and my office is committed to holding companies that engage in actions like this accountable. Although it doesn’t appear the information of those affected has been compromised, we are compelled to give the victims this money for their troubles and to show we are here to fight on their behalf. I appreciate and applaud attorneys general from across the nation for joining together to stand up for the victims of this crime."

Oklahoma will receive $1.14 million of the settlement to pay drivers and a settlement administrator. 

Details of the process for affected drivers will be announced at a later date.

Uber has also agreed to the following terms as part of the settlement:

  • Comply with state data breach and consumer protection laws regarding residents’ personal information and notifying them in the event of a data breach concerning personal information; 
  • Take precautions to protect any user data Uber stores on third-party platforms outside of the company; 
  • Use strong password policies for its employees to gain access to its network; 
  • Develop and implement a strong overall data security policy for all data that Uber collects about its users, including assessing potential risks to the security of the data and implementing any additional security measures beyond what Uber is doing to protect the data; 
  • Hire an outside qualified party to assess Uber’s data security efforts on a regular basis and draft a report with any recommended security improvements. Uber will implement any such security improvement recommendations; 
  • Develop and implement a corporate integrity program to ensure that Uber employees can bring any ethics concerns they have about any other Uber employees to the company, and that it will be heard.