As if a data breach isn’t expensive enough, Uber will now pay $148M to settle claims from its 2016 incident, making it the biggest data breach payout in history, according to Bloomberg.

The incident was considered an epic failure because it was the result of cloud and security issues that could have been avoided. Compounding the debacle, Uber learned of the incident a month after it happened, but kept it under wraps until more than a year later. Adding more salt to the wound, Uber paid the hackers $100,000 to destroy the data and remain silent.

More than 25 million people were affected by the data breach, across all 50 states (57 million customers worldwide). Included in the data theft: 607,000 U.S. driver’s license numbers and millions of email addresses and phone numbers.

Bloomberg reports, “The penalty comes at a pivotal time for Uber Chief Executive Officer Dara Khosrowshahi, who is laying the groundwork for a 2019 initial public offering while working to distance the brand from the controversial growth-at-all-costs approach established under his predecessor, co-founder Travis Kalanick.”

Get the full story at Bloomberg.