In House - The FindLaw Corporate Counsel Blog

Uber Blew Tire With Data Breach Cover-Up

For all of its popularity with urbanites, Uber is losing its luster in the marketplace.

SoftBank is offering to buy the company for about $48 billion, but that is down 30 percent from the company's most recent valuation. What happened to the most popular ride-hailing service on the planet?

This happened: Uber tried to cover up a massive data breach affecting 57 million riders. For corporate counsel, it goes to show that paying for confidentiality is not always a good thing.

Hush Money

According to reports, Uber paid $100,000 to keep hackers quiet after they attacked customers personal data in October 2016. The breach included names, email addresses and mobile numbers of people around the world, including the names and driver's license numbers of about 600,000 Uber drivers.

The bigger problem -- for Uber -- is the failure to inform customers. Regulators and attorneys are piling on Uber with investigations and litigation.

At least five states, including Connecticut, Illinois, Massachusetts, Missouri, and New York, have announced investigations. Authorities in Australia, Britain, and the Philippines are also probing the cover-up.

While the U.S. Federal Trade Commission is fielding inquiries, the U.K.'s Information Commissioners Office said Uber will face "substantial" fines.

'Breach Collides with Deal'

Uber announced a preliminary deal with Softbank to invest $10 billion in the company last month. But the revelation of the data breach and cover-up changed all that.

"The timing of the disclosure could hardly have been worse," Reuters reporters Jim Finkle and Heather Somerville wrote.

State and federal regulators have warned companies against confidentiality agreements that attempt to cover-up violations of law for years. The Whistleblower Protection Enhancement Act of 2012, for example, requires employees to notify regulators of fraud allegations.

Related Resources: