Auber1
The logo of ride-hailing app Uber on a smartphone is seen next to a photo of a German taxi sign in Frankfurt, Germany, Sept. 15, 2014. Kai Pfaffenbach/Reuters

Uber will pay a penalty of $20,000 as part of a settlement with New York State after Attorney General Eric Schneiderman accused the company of failing to report that a third party had access to users' personal information. Schneiderman announced the settlement Wednesday after a 14-month investigation.

The investigation began after a series of BuzzFeed News articles showed Josh Mohrer, an Uber manager in New York, accessed the ride logs of a reporter without the journalist's permission. Mohrer was then accused of secretly tracking the reporter's rides as part of a mode called “God View.”

The inquiry into the San Francisco-based company then expanded into Uber's discovery of a data breach in September 2014 affecting many of its drivers, an incident Uber did not report to the New York attorney general until Feb. 26, 2015.

Uber was recently valued at $62.5 billion.

The company removed all personally identifiable information on riders in the system that provides an aerial view of moving vehicles (God View), has limited employee access to rider information and is reviewing employee access to personally identifiable information “in general,” the statement said.

“This settlement protects the personal information of Uber riders from potential abuse by company executives and staff, including the real-time locations of riders in an Uber vehicle,” Schneiderman said in a statement.

“We are committed to protecting the privacy of consumers and customers of any product in New York State, as well as that of employees of any company operations here. I strongly encourage all technology companies to regularly review and amend their own policies and procedures to better protect their customers' and employees' private information,” Schneiderman added.

The data breach involved an Uber engineer who mistakenly made the credentials to the company's third-party cloud service available in a public post on Github. The breach was discovered when Uber was tipped off that an employee at a competing company had access to the cloud.

Uber also updated its privacy policies and agreed to notify the New York attorney general if it begins collecting location information from user devices while the app is closed, something Uber has consistently denied.