Ride-hailing firm Uber is paying $148m (£113m) to settle legal action over a data breach that exposed the personal information of 57m customers and drivers, and its subsequent attempt to hide the hack from regulators.

The massive data breach, which took place in 2016, saw hackers undertake a complex attack on Ubers cloud storage systems. The company then paid the hackers $100,000 to delete the data they had stolen.

The legal action was brought by the US federal government and bodies representing all 50 states over Ubers failure to disclose details of the data loss. Uber only revealed some details about the breach in November 2017, and has admitted that it should have been more transparent about the attack.

“None of this should have happened, and I will not make excuses for it,” said Dara Khosrowshahi, CEO of Uber at the time. Following the breach, two security officials at the firm were let go due to their handling of the incident.

In addition to the fine, Uber has pledged to change how the firm operates when it comes to data protection, submitting regular reports on security incidents to regulators.

The fine and promise to improve wont be the end of potential consequences for the breach, however, with legal action bought by drivers, customers and the cities of Los Angeles and Chicago still ongoing.