At first glance the announcement of a data breach involving data from 57 million drivers and customers of Uber is a case of more of the same: there have been much bigger breaches over the last few years. However, the revelation that the company didn’t acknowledge the breach for a year, opting instead to pay a ransom to hackers, makes the story of real interest. Here in the UK, the Information Commissioner’s Office has expressed “huge concerns” about this lack of openness; and there has been an angry backlash from those who may have been affected by the breach and are now wondering what has happened to their personal data over the last 12 months. The decision to pay a ransom is particularly hard to fathom, and potentially the most damaging aspect, escalating the discussion beyond information security into a debate about the ethics and judgement of the firm’s senior management. We shall follow this story with interest…..