This week Uber announced it had lost information on 50m users and 7m drivers from a data breach in 2016.
Because of the likely reputational fallout of being the subject of a data breach, it is unfortunately not unusual for organisations to decide to conceal one. There is also a tendency to bury such breaches in bad news: Equifax's data breach announcement during the worst hurricane to hit the US for decades could be considered a prime example.
The ICO has taken a tough stance condemning these moves, and it now seems that the focus will move from 'if' you are breached to 'how' you will tell your clients and customers when you are, and how you will maintain their trust.
The payment of a ransom is also unusual. There can be little guarantee that the data was deleted by the attackers, even if they signed a legal agreement as has been claimed. Digital information is hard to destroy, and there is little incentive for the attackers to do so.
Uber's concealment of its data breach boils down to an issue of trust. Will consumers now be inclined to get into a driverless, autonomous car made by Uber? Would they trust it with their safety? These will be the issues that Uber and other technology companies will need to overcome as they become a bigger part of our physical lives.
Uber did not tell anyone about the breach and paid a ransom to hackers to delete the data.