Uber has covered up a massive 2016 hack to its system that compromised the personal data of over 57 million users and drivers globally. The ride-hailing service declined to notify affected users and instead paid hackers $100,000 to hush up the hack and delete the data. This is the latest in a string of shady practices from Uber.Bloomberg reported that fired Uber CEO Travis Kalanick was aware of the hack as early as November 2016, just a month after it occurred. Uber Chief Security Officer Joe Sullivan, and a key senior deputy to the CSO, have also been removed from the company this week, specifically for their roles in keeping the cyberattack secret.

Britain’s data protection authority said on Wednesday that concealment of the data breach raises “huge concerns” about Uber’s data policies and ethics.

“Deliberately concealing breaches from regulators and citizens could attract higher fines for companies,” James Dipple-Johnstone, deputy commissioner of the UK Information Commissioner’s Office, said in a statement. Current British law carries a maximum penalty of 500,000 pounds ($662,000) for failing to notify users and regulators when data breaches occur. Uber is currently under investigation by the NY State Attrney General.

Source: Reuters