Re: Funny really...
The principle reason, as far as I am aware, is so that drivers can rate passengers, in the same way that passengers can rate drivers, so that drivers can avoid picking up people who are likely to be abusive, or violently ill in their car.
The amount of data required for this presumably would be pretty small (an identifier, and a set of ratings), and I wonder what other associated account data Uber actually hold (such as identifying information and billing info), as well as how much of this data they need to hold, and whether it was leaked.
The whole thing does indeed look pretty dodgy - from the fact that Uber didn't 'fess up to the breach at the time, and haven't revealed the nature of the stolen data, to the pretty amazing admission that they paid the criminals to delete the data that was stolen. I can see no way that they could verify that the crims actually did this, rather than taking the money and holding onto / selling the data.