Uber announced that they had paid hackers $100,000 to cover up a massive customer data breach last year that exposed personal information of about 57 million accounts. This breach adds on to another controversy for the company in addition to sexual harassment allegations, a trade secret theft lawsuit, as well as multiple federal criminal investigations.
The stolen information included names, phone numbers, and email addresses of users as well as names and license numbers of 600,000 U.S. drivers. However, there was no evidence of fraud and those drivers whose information had been stolen are able to receive free identity theft protection and credit monitoring.
Following this breach, Uber has been notifying regulators and fired their chief security officer and deputy. The company has had a history of failing to protect passenger and driver data and the new CEO hired new employees to help restructure Uber’s security teams and processes.
"If Uber knew and covered it up and didn’t tell the FTC, that leads to all kinds of problems, including even potentially criminal liability," said William McGeveran, a law professor specialized in data-privacy at the University of Minnesota Law School. "If that's all true, and that’s a bunch of ifs, that could mean false statements to investigators. You cannot lie to investigators in the process of reaching a settlement with them."