After Facebook’s mega-scam regarding privacy breach earlier this year, Uber has now been slapped with a sum of $148 million to settle claims pertaining to a mass data breach of 2016 that exposed personal information of over 52 million users around the world.

The settlement roots itself to the 2016 cyber attack on the company when hackers gained access to 607,000 U.S. driver’s license numbers along with personal information of its users such as phone number and email addresses. However, even after the attack, the company failed to disclose it for more than a year.

After the breach was uncovered, Uber ousted its chief security officer and admitted to the breach to the Federal Trade Commision

“Failing to report data breaches as soon as possible can harm consumers, said Iowa Attorney General Tom Miller. The penalty comes at a crucial time as the company’s CEO Dara Khosrowshahi is preparing for a 2019 Initial Public Offering (IPO).

Uber’s ex-CEO Travis Kalanick had learned about the breach, a few months after the hackers stole personal information of more than 57 million of Uber’s customers around the world. This breach was however hushed by Kalanick who paid $100,000 to the hackers to keep it under wraps, Bloomberg News reported.

Uber’s ex-CEO Travis Kalanick had learned about the breach, a few months after the hackers attacked the company

After the breach was uncovered, Uber ousted its chief security officer and admitted to the breach to the Federal Trade Commision, which had already reprimanded the company for a data breach in 2014.

“None of this should have happened, and I will not make excuses for it,” said Khosrowshahi, who replaced Kalanick last year in a statement in November.