Uber is reeling from the latest controversy over the revelations that the company has tried to cover up a massive breach, only last year, in which the hackers had pilfered information from approximately 57 million customers.
As a result of this hack, the ride-share company now faces huge probes from multiple state attorneys general, as well as international regulators in Europe.
The concerns are not just limited to the breach itself; the strongest ire is coming from the regulators over how Uber handled the cyberattack. The ride-sharing firm had initially kept this massive breach a secret, which new CEO Dara Khosrowshahi had acknowledged that Uber should not have done.
Furthermore, Uber paid these hackers a staggering $100,000 in exchange for destroying all the files and, according to news reports, made the hackers sign nondisclosure agreements to cover up the cyberattack.
This development is the latest in a series of particular scandals for the company that had, earlier this year, forced the resignation of their CEO, Travis Kalanick.
Now, his successor has been left to clean up the mess.
“None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Khosrowshahi had written in a blog post this Tuesday, disclosing the breach.
“We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
The episode took place late last year when the hackers gained full access to the names, email addresses and phone numbers of 57 million Uber users worldwide, as well as the driver’s license numbers of roughly 600,000 U.S. drivers.
Kalanick, who at that time was the CEO, learned of this breach a month after it had occurred. The company is said to have fired two of the executives who were involved, in the response to this breach and its subsequent cover-up, including the chief security officer Joe Sullivan.
Legal experts say that the company is likely to be faulted for running afoul of breach notification laws in the states that have them where customer data was compromised like this.
Attorneys general in at least three states, including Massachusetts and New York, have already launched their own investigations into the hack.
Steve Rubin, the head of the cybersecurity legal practice at Moritt Hock & Hamroff, said that the incident is likely to trigger an investigation by the Federal Trade Commission (FTC), which has already faulted Uber for making their deceptive claims about the data privacy.
“This wasn’t simply a data breach,” Rubin had said. “They went further and they tried to pay off a hacker in order to avoid their obligation to report to attorneys generals.”
“Companies get punished for that,” Rubin said.
The FTC still hasn’t commented on whether or not it would investigate the matter, but an agency spokesperson had said in an emailed statement that it is “closely evaluating the serious issues raised.”
The development has also already triggered blowback on Capitol Hill, with a key Democrat jockeying for a full investigation.
“The security breach shows a sloppy approach by the company to protecting consumer data, and demonstrates a severe breach of trust with the public, its own employees, and regulators who it failed to notify in a timely manner,” said Representative Frank Pallone, Jr. – ranking member of the House Commerce Committee.
“If Uber did indeed secretly pay-off the hackers to keep the breach quiet, then a possible cover-up of the incident is problematic and must be investigated,” he added in his statement.
Uber became embroiled in controversy, earlier this year, after the company faced sexual harassment allegations, prompting an investigation by former Attorney General Eric Holder into the company’s culture.
After Khosrowshahi took over for Kalanick in August, the former Expedia CEO had appeared poised to lead Uber in a new, scandal-free direction. With the news of the breach, however, it appears Khosrowshahi will still be stuck picking up the pieces left by his predecessor.
Still, his presence at Uber’s helm might be what helps the embattled company skate by its latest PR fiasco.
“The Uber brand is about as tarnished as it gets in 2017,” said Matt Rizzetta, CEO of the brand communications agency North 6th. “There is no goodwill and trust in Uber as a brand at this point.”
“This crisis predates his tenure with the company. He has a rock-solid brand. They’re choosing to go with the messaging of their CEO and that might save them.”