Dan Sloshberg, cyber resilience expert, Mimecast, commented:

“Uber had both the legal and social obligation to inform governments and customers of this attack, and the fact the company chose to pay hackers and hide the massive breach is shocking. Pretending that an attack hasn’t happened, or quietly paying attackers off only emboldens perpetrators further.

“With the General Data Protection Regulation (GDPR) coming into effect in May 2018, businesses must report breaches within 72 hours or face crippling fines much bigger than what Uber paid to hackers.

“Businesses need to realise that the impact of breaches can be very serious - with knock-on effects on the organisation itself, employees and customers. To combat threats and ensure they remain compliant ahead of the GDPR, organisations must invest in minimising their risk appropriately with an appropriate cyber resilience strategy. This should also include a plan if something does go wrong.”

Dan Sloshberg, cyber resilience expert, Mimecast