It's been revealed around 100,000 New Zealand Uber users were affected by a worldwide hack the ride sharing service then tried to cover up.
In October, 2016, 57 million customers and drivers worldwide were affected by the cyber attack. Uber paid the hackers US$100,000 (NZ$143,000) to delete the data and keep quiet about the breach.
Uber attempted to conceal the data breach, then in November 2017 CEO Dara Khosrowshah publically apologised for the handling of the situation.
"None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes," he said.
It's now been revealed a quarter of New Zealand's 400,000 Uber customer base may have had their privacy breached as part of the hack.
Privacy Commissioner John Edwards was officially informed on Wednesday night.
"While I am pleased the local representative of Uber has notified my office of the issue, the one-year gap between the breach and notification shows why breach notification should be mandatory.
"When personal information is lost, individuals need to take action to protect themselves. People cannot take the action they need to take if they don’t know about the data breach in the first place."
However, Uber tells Newshub there is no evidence that users' trip location history, credit card numbers, bank account numbers or dates of birth were downloaded in the breach.
It says it has taken extra precautions to flag the affected accounts and give them extra fraud protection.
"We take this matter very seriously and we are happy to answer any questions regulators may have. We are committed to changing the way we do business, putting integrity at the core of every decision we make, and working hard to regain the trust of consumers," an Uber spokesperson said in a statement.
Have you noticed anything suspicious about your Uber account? Contact firstname.lastname@example.org