You are here: Home » International » News » Companies
Business Standard

Uber's $10-bn stock sale deal with SoftBank shrouded in data breach scandal

Uber on Tuesday said that it had paid hackers $100,000 to destroy data on more than 57 million customers and drivers

Reuters  |  Toronto/San Francisco 

Uber will adopt a policy of one share, one vote and has also set a deadline for the closely held company to go public in the next two years	photo: reuters

A newspaper advertisement for an Technologies Inc stock sale was juxtaposed on Wednesday with a report that the ride-service provider had covered up a data hack - something of a metaphor for Uber, a company with boundless investor interest, but whose penchant for rule-breaking has led to a series of scandals.

The stock sale advertised in the New York Times will enable investors to sell their shares to Japanese investor SoftBank, a critical deal for the company whose problems included building software to spy on competitors and to evade regulators and being investigated in Asia for paying bribes.

on Tuesday said that it had paid hackers $100,000 to destroy data on more than 57 million customers and drivers that was stolen from the company - and decided under the previous CEO not to report the matter to victims or authorities. was first hacked in October 2016 and discovered the the following month.

Chief Executive Dara Khosrowshahi, who took the helm in August with the mission of turning around the company and overhauling its culture, acknowledged in a blog that had erred in its handling of the breach.

The timing of the disclosure could hardly have been worse.

The company is trying to complete a deal with Group Corp in which the Japanese firm would invest as much as $10 billion for at least 14 per cent of the company, mostly by buying out existing shareholders. is advertising to find shareholders who want to sell.

last month announced a preliminary deal for the investment.

One question is whether will now try to alter the price of the deal. One source familiar with the matter said is planning to stick to its agreement to invest in but may seek better terms. has not yet made a final decision on whether to renegotiate, the source said.

Another question is the future of Kalanick, the co-founder who led to becoming a global powerhouse but did so with aggressive and controversial tactics. He was forced out by investors in June who feared his leadership style would damage the company, although he stayed on the board and remains a significant shareholder.

A bitter battle among investors over how to resolve Uber's problems led to a lawsuit by early investor Benchmark, which sought to oust Kalanick from any role. But a settlement was reached earlier this month to pave the way for the deal, with Kalanick retaining his board seat and other rights.

Kalanick was made aware of the hack last November and was aware of the $100,000 payment, according to a person close to the matter. Kalanick has declined to comment. did not respond to questions from Reuters on Wednesday.


The scope of the repercussions will face for the October 2016 began to take shape Wednesday with governments around the world opening investigations.

Authorities in Britain, Australia and the Philippines said they would investigate Uber's response to the London's transport regulator, which has been in discussions with after stripping it of its license to operate, said it was pressing for details.

Canada's privacy watchdog said that it had asked for details on the breach, though it had not launched a formal investigation.

Attorney general offices in at least six US states along with the Federal Trade Commission (FTC) have announced they are looking into the matter.

Some states are likely to go after for breaking laws on notification within a reasonable period of time.

At least two class action lawsuits have been filed against the company in the United States for failing to disclose the data breaches and causing potential harm to consumers.

said that it has been in touch with the FTC and several states to discuss a hack and pledged to cooperate.

Legal experts said the company is likely to face limited financial fallout from data-breach lawsuits. might succeed in squelching them outright because its agreements with both customers and drivers call for mandatory arbitration of disputes.

fired its chief security officer, Joe Sullivan, and a deputy, Craig Clark, over their role in handling the hack.

The board of directors had commissioned an investigation into Sullivan and his team, which is how the breach was discovered. The board committee concluded that neither Kalanick nor Salle Yoo, who was general counsel at the time, had been consulted in the company's response to the breach, according to a second person familiar with the matter.

It is unclear what the board of directors knew, if anything. Multiple board members did not respond to requests for comment.

"The scope of this breach is something the board should have been briefed about and consulted on at the very least," said Cynthia Clark, an associate professor of management at Bentley University. "It's a monitoring issue and one of strategy and reputation."

Clark said that these sorts of risks could affect Uber's IPO, which the board has agreed will take place in 2019.

The company has begun overhauling its security practices with help from Matt Olsen, former general counsel of the U. S. National Security Agency and director of the National Counterterrorism Center, CEO Khosrwoshahi said.

in August settled with the FTC after the regulator found the company failed to protect the personal information of passengers and drivers, an agreement that requires 20 years of regular auditing of Uber's data.

After this week's disclosures, can expect "more audits and more people inside of the company" from regulators, said cybersecurity attorney Steven Rubin.

First Published: Fri, November 24 2017. 03:10 IST