The regulator in charge of data privacy in the United Kingdom is reviewing a major data hack of Uber, and assessing the possibility of fining the company for concealing the hack.
“Uber’s announcement about a concealed data breach last October raises huge concerns around its data protection policies and ethics,” James Dipple-Johnstone, the deputy commissioner at the Information Commissioner’s Officer, told Bloomberg on Wednesday.
Hackers reportedly stole the names, email addresses and phone numbers of 50 million Uber riders around the world in October 2016, as well as the personal information of about 7 million drivers, including about 600,000 U.S. driver’s license numbers.
The transportation company reportedly paid hackers $100,000 to delete the data and keep the breach under wraps.
“Deliberately concealing breaches from regulators and citizens could attract higher fines for companies,” Dipple-Johnstone said.
The U.K. is Uber’s largest European hub, but London’s transport regulator has proposed banning Uber from the city because of safety concerns.
Uber has been battling a string of controversies this year, including probes over claims of privacy violations; revelations that the ride-hailing firm used software to evade regulators in certain locations; and allegations of sexual harassment in the workplace.