Uber today was forced to admit it was hacked last year and paid a ransom to hackers before covering it up as a bug bounty program.
Within a few hours, international legislators have already responded.
According to Reuters, authorities in Britain, Australia, the Philippines, and the US have opened investigations into the data breach. In at least one country (Britain), and possibly more, the company could face huge fines for failing to notify its users and lawmakers of the breach. Recode reports that Illinois, Massachusetts, and Connecticut are also investigating.
This comes after the FTC promised audits every two years. Over the next two decades, Uber will face government audits for its continued privacy issues.
The company faces lawsuits from the private sector as well — one has already been filed. And since the data of 57 million riders and 600,000 drivers was stolen in the late 2016 breach, Uber could be fighting the backlash for this oopsie for years to come.
I’m not sure if I should call this the cherry on top of Uber’s year (we still have a month to go, after all), but it’s an ugly way to close a period where Uber has been slammed for unequal pay, endemic toxicity, creepily invasive features, and alleged corporate espionage. While Uber maintains the data on riders is innocuous, the driver data stolen might not be — and there’s a chance the hackers didn’t actually delete, despite Uber paying them $100,000 to do so.
I honestly hope this is the worst thing Uber could have been hiding, because it really takes the gold in the “What Your Favorite Company Isn’t Telling You” race. That said, I think it’s positive that new CEO Dara Khosrowshahi came forward and admitted it, as opposed to us all finding out about it from third parties later. Good intentions might not be enough to stave off a flood of lawsuits, or cut any ice with the FTC, but it could be a step towards rebuilding consumer trust in the app.