It has been revealed that Uber was the victim of a cyber-attack that resulted in the personal data of 57 million customers being exposed. And if that wasn't bad enough, it is also being reported that the many paid the hackers $100,000 to keep quiet and delete the data. Under European and Australian laws that will come into effect next year, that $100,000 is small fry compared to the millions of dollars it could cost them.
Australia's mandatory breach notification laws and the European General Data Protection Regulation (GDPR) impose hefty penalties on companies that are breached and fail to follow notification laws.
Under revealed, in a post on the company's blog, CEO Dana Khosrowshahi said that he had only just become aware of the breach. He said the breach included details of around 600,000 drivers in the US and 57 million passengers from around the world.
While Khosrowshahi says they company has taken steps to prevent this from happening again, the cover up is the bigger issue. And the many has already suffered some significant bad publicity on the back of the comments and behaviour of staff and board members under the stewardship of previous CEO Travis Kalanick.
Australia's breach notification nation laws would cost the company several million dollars, not because of the breach but because of the cover up.
If consumers were in any doubt as to the value of these laws, this breach and subsequent actions at Uber clarity show how they can protect consumers.