When embattled ride-sharing company Uber finally disclosed last week that a 2016 data breach had compromised the names, email addresses and phone numbers of 57 million users and driver’s license numbers of 600,000 drivers, and that the company had attempted to hide the information from users and regulators, most consumers were shocked and horrified.
Corporate cybersecurity experts, however, were unsurprised. Apparently, data breach cover-ups happen all the time.
“I don’t know if it’s a well-kept secret or they don’t want to admit to it, but the painful reality is that there are so many financial drivers motivating companies not to report breaches that it’s difficult to motivate them to be ethical,” Gregg Garrett, head of international cybersecurity for BDO Consulting, told LTN.
Although there are data breach notification laws on the books in 48 U.S. states requiring companies to inform consumers about potential exposures of their personal information, companies don’t exactly have great incentives to disclose a potential data breach. Disclosing data breaches tends to invite scrutiny from investors and open the door to litigation, and it may not play well for a company’s reputation.