LONDON -- The UK regulator in charge of data privacy is looking into the major hack of Uber Technologies' user data, opening up yet another front in the ride-hailing firm's battle to manage one of its most successful markets.
Hackers stole the personal data of 57 million customers and drivers from Uber, a breach that the company concealed for more than a year.
"Uber's announcement about a concealed data breach last October raises huge concerns around its data protection policies and ethics," James Dipple-Johnston, the Deputy Commissioner at the Information Commissioner's Officer, said. "If UK citizens were affected then we should have been notified."
Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday.
The ICO is now working with the National Cyber Security Centre and other UK authorities regarding the hack. "Deliberately concealing breaches from regulators and citizens could attract higher fines for companies," said Dipple-Johnston.
A spokesman from Uber said the company is in process of notifying various regulatory and government authorities.
The UK is Uber's largest European hub, yet in a surprise decision London's transport regulator proposed it be banned from the capital because of safety concerns. Earlier this month, Uber lost an appeal over whether it should pay overtime and give vacation time to its British drivers, and a 44-year-old female driver has sued for sexual discrimination, saying the company doesn't protect workers.
Uber has launched a major lobbying effort to rectify its UK image. Last month, it hired Laurel Powers-Freeling a well-known banking veteran, as UK independent non-executive chair, and new CEO Dara Khosrowshahi flew to London in an attempt to smooth relations with transport regulators.
Uber's appeal against Transport for London's decision to revoke its license is set to be held on Dec. 11.