Uber waited a year before disclosing that hackers accessed 57 million accounts of its riders and drivers. Uber paid $100,000 through bug-bounty program HackerOne to the two men who discovered the leak. The payment was positioned as a bug bounty even though the finders made extortion-like demands. Uber CISO John Flynn testified before the U.S. Senate subcommittee on Consumer Protection, Product Safety, Insurance and Data Security. Flynn told senators that the company should have notified the public sooner about the breach.”]
Source: https://www.govinfosecurity.com/uber-no-justification-for-breach-cover-up-a-10637