We are reasonably sure that Uber will be happy to see 2017 come to an end. Scandals of one form or another buffeted the company throughout the early part of the year, leading to the departure of its founder, CEO Travis Kalanick, in late June.
But the year’s earlier rough ride might now be viewed as a walk in the park when compared to the news of the last two weeks. Between the revelations of a massive data breach and an equally massive effort to cover it up for a year, and the lawsuits that are now piling up as a result, plus the accusations of using ex-CIA agents to steal trade secrets, and losses that are getting bigger, not smaller, and a forthcoming investment round led by SoftBank that will see Uber’s valuation take a possible $20 billion haircut – well, it’s been a 10-day period to forget.
It also had a lot of people asking what’s next for a company presently valued at nearly $70 billion that has raised over $11.5 billion in funding.
How did things go so off the rails so fast?
Well, as they said during Watergate: It’s not the crime, it’s the cover-up.
The Uber Of Bad News
On Thanksgiving morning, Uber-using Americans woke up with two questions: How long do I cook my turkey, and was I one of the 57 million people whose personal data was hacked as part of the Uber breach?
The day before, the news broke that cybercriminals had managed to steal the data of 57 million customers and drivers. That news alone would have been sufficient to shake many people’s confidence in the firm, but that was just the warmup act. The news was compounded by the fact that the hack itself happened about a year ago, in October 2016. At the time, Uber – at the directive of its chief security officer – hid the breach and paid hackers about $100,000 to destroy the data.
All in, hackers managed to nab names, email addresses and phone numbers of 50 million Uber riders around the world, as well as the data of about 7 million drivers, which includes 600,000 U.S. drivers’ license numbers. The ride-sharing company said that no Social Security numbers, credit card information, trip location details or other data were taken.
In response, Uber fired chief security officer Joe Sullivan, as well as Craig Clark, a senior lawyer who reported to him, for their roles in obscuring the hack, which included the $100,000 payment to attackers to conceal the breach.
Uber said it believes the information was never used, and declined to disclose the identities of the attackers.
“None of this should have happened, and I will not make excuses for it,” new CEO Dara Khosrowshahi said in an emailed statement. “We are changing the way we do business. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”
Former CEO Travis Kalanick reportedly learned of the breach in November 2016.
The company informed the New York Attorney General, Eric Schneiderman, and the FTC about the October 2016 hack for the first time on Tuesday. Schneiderman has now launched an investigation into what happened.
The New York AG isn’t the only regulator that’s taken an interest in this story. Washington State’s AG has already sued the ride-sharing company, alleging it had violated the state’s data breach notification law. The multimillion-dollar lawsuit claims that the names and drivers’ license numbers of at least 10,888 Uber drivers in the state had been stolen without their being notified, as state law requires.
The Washington lawsuit now joins at least three potential class-action lawsuits. Uber is also under investigation by the attorneys general of New York, Missouri, Massachusetts, Connecticut and Illinois.
In response to the investigations, an Uber spokesman said in a statement, “We’ve been in touch with several attorney general offices and the [Federal Trade Commission] to discuss this issue, and we stand ready to cooperate with them going forward.”
It’s probably good that Uber is in such a cooperative mood, because it seems it won’t only be U.S. authorities seeking an explanation. Privacy regulators for the European Union said Wednesday (Nov. 29) they have created a task force to coordinate inquiries into the data breach at Uber.
According to reports, European data protection authorities said regulators from France, Italy, Spain, Belgium, the U.K. and Germany will all be part of the task force. Dutch authorities will lead the task force, as Uber has its European headquarters there. The group won’t be able to impose joint sanctions, and each country will also conduct its own individual investigation.
Nothing says, “Merry Christmas” like an entire cast of investigating international regulators.
And while the hack was definitely the lead singer this week, Uber’s woes mostly came in chorus form.
In a release of its Q3 earnings for investors, the ride-sharing company has reported that losses are on the rise – to the tune of $1.46 billion, according to Reuters. The adjusted figure, per the Financial Times, is $743 million in losses during the third quarter of this year, up 14 percent from the previous quarter.
Net revenue during Q2 was $2 billion – a 21 percent increase from the Q2 result of $1.66 billion.
While Uber has reported losses throughout its run as the world’s most successful and valuable start up, until Q3 those losses had shown signs of decline. Moreover, even in its home country, Uber’s dominance has been slipping, with some estimating that rival Lyft will account for as much as a third of the market within the next few years.
Pile onto that a complicated – and vituperative – lawsuit with Google about whether or not Uber engaged in a complex industrial espionage scheme to steal self-driving trade secrets. That lawsuit contains some pretty impressive accusations – like the one that Uber compiled a specialized unit of “ex-CIA” operatives to steal their competitors’ secrets.
All of this [bad] news is expected to impact the rather complex investment deal that Uber and a SoftBank-led consortium are trying to close in order to add $7 billion to the $10 billion flow into Uber’s coffers.
It’s a big number – but it comes as a big discount for buyers offering $32.97 a share, a price that would decrease Uber’s $60 billion valuation by 30 percent.
“SoftBank and Dragoneer have received indications from Benchmark, Menlo Ventures and other early investors of their intent to sell shares in the tender offer,” the company said in a statement.
That deal may change – Uber can reject the offer if they deem it too low, and the buyers’ consortium can raise their buy price as part of the negotiation.
But, facing widening losses, Uber may prefer to take the haircut (and the corporate restructuring that goes with it) as it tries to get back on track for 2018.
Still, it’s quite a distance from where Uber was last year, with several analysts and experts predicting it would soon take its place alongside the other major tech players on the West Coast. After some speed bumps – where Uber is going, and how exactly it plans to get there, remains a bit up in the air.
Amazon Pay: It’s Amazon’s world. We just live in it. Amazon Pay is slated to debut with Alex, by way of third-party developers. Initial payments skills will be tied to donations, restaurants and events. The skillset will branch out over the next year and beyond, naturally, and reports say the new payments skill will leverage voice recognition technology – Giving new meaning to putting money where your mouth is, securely.
Cannabis, with pot-fuls of cash: $6 billion is what the cannabis industry was worth in 2016 –but there are some estimates that this form of “toke-e-nizing” will grow to as much as $50 billion by the year 2026. By comparison, U.S. consumers spent roughly $55 billion on smartphones last year. Talk about growing like a weed.
Smartphone shopping via iPhone X: Looks like there’s a real X factor, at least as far as Black Friday is concerned. These users spent roughly 2X (there’s that X again) as much on Thanksgiving and Black Friday sales as other smartphone users, amid a generally successful mobile shopping season. So what if sensors and production issues and bad press dominated a few months ago? They seem to have been X’ed out.
Wells Fargo: The beleaguered Wells has not made the rounds much in our Sizzle Fizzles, and here we are again. Enforcement action looms amid Office of the Comptroller of the Currency warnings that excessive fees tied to its mortgage and auto insurance units may lead to enforcement actions.
Cyber Grinch: What’s a holiday season without stress? eCommerce fraud and account takeover fraud are on the rise, and consumers should gird for some lumps of coal amid the holiday cheer. The Grinch may have it easy, as so much data is free-floating around the dark web in the wake of Equifax and other breaches.
PSD2 implementation: Change is never easy, especially when it involves large-scale change hitting payments on a global stage. Germany’s FI says hurdles to implementation remain – some rather hefty ones. As noted by FI and also by reports from Deutsche Bank, overlapping regulations mean different consent actions from consumers, which means confusion could reign – and where there is confusion, there are storms before calm.