Uber’s decision to keep quiet about last year’s data breach until earlier this week raises the prospect that the incident could affect SoftBank’s offer price. SoftBank learned of the hack about a month ago, which may have changed its evaluation of Uber’s shares, according to people familiar with the matter.
Some investors and observers say corporate breaches are becoming so routine that they shouldn’t weigh on a company’s valuation, though Uber’s string of controversies this year has given shareholders reason to question what’s next.
A group of investors led by SoftBank plans to launch an effort in the coming days to buy at least 14% of the ride-hailing firm from existing shareholders through the tender offer at a steep discount, as well as through a direct investment of at least $1 billion at Uber’s prior $68 billion valuation. The investor group includes Dragoneer Investment Group and General Atlantic.
SoftBank has negotiated for weeks with Uber’s board to move forward with a deal, while some big investors have privately said they would balk if the valuation is too low. Former CEO Travis Kalanick, who holds about 10% of Uber shares, has indicated he won’t sell in the tender offer, while Benchmark Capital has wavered on whether it would sell some of its 13% stake.
A spokesman for Mr. Kalanick declined to comment. Benchmark Capital had no immediate comment.
The Japanese firm hasn’t yet set a price, said a person familiar with the matter, though talks between the SoftBank consortium and Uber investors in recent weeks centered on a valuation around $50 billion. While a discount is customary in so-called secondary sales, some investors have also marked down their valuations of the company amid its executive suite turmoil in the past year.
SoftBank wants to name the lowest number possible, while investors and board members are pushing for a higher valuation. Too steep of a discount risks repelling would-be sellers and imperiling the tender offer, which lasts 20 business days. SoftBank can try again at a higher price if its initial attempt fails.
It is in Uber’s interest to get the deal done. In October, the board passed a series of corporate-structure reforms that only kick in if the SoftBank consortium reaches its 14% stake threshold. The reforms include revoking the supervoting rights of early investors, which granted them multiple votes per share, as well as expanding the size of the board by six to 17 directors. SoftBank would get two of the new seats. As part of those measures, Uber also set a deadline of 2019 for an initial public offering.
Uber was obligated to disclose the hack before the tender offer was announced because a breach of its size could be material to investors, people familiar with the matter have said. The disclosure means all Uber investors and employees are now aware, which could strengthen SoftBank’s hand, observers said.
“This is just going to be more leverage for SoftBank,” said Anand Sanwal, chief executive of tech-focused research firm CB Insights. If investors believe there is new potential for litigation and regulatory measures, he said, “that is going to have an impact on the valuation.”
Mitchell Green, founding partner at Lead Edge Capital, an Uber investor, said breaches have become so commonplace that consumers are going to keep using the service and the core business won’t be affected.
The breach should have been disclosed, Mr. Green said, but the executives that oversaw that decision are now gone, and he said there is wide support for the new chief executive. “That was Uber 1.0,” Mr. Green said. Now, “this company is being run by seasoned management,” he said.
Uber said no financial information was obtained in the breach and it has found no evidence of fraudulent use of personal information. It said it was assured the stolen data was destroyed.
While numerous hacks in the early 2000s frequently hurt corporate stock prices after they were disclosed, data breaches in recent years have generally had little impact on the market values of large corporations, such as Home Depot Inc. and Sears Holdings Corp.That is because investors now assume such hacks will continue for a wide range of companies, said Karthik Kannan, a management professor at Purdue University who researches the subject.
There are recent exceptions. Equifax Inc. has lost more than $3 billion of its market valuesince it disclosed a breach that potentially exposed more than 145 million Americans’ personal information, while Verizon Communications Inc. lowered the price it paid to buyYahoo Inc. by about $350 million after Yahoo disclosed widespread data breaches from 2013 and 2014.
For Uber, the concerns extend beyond cybersecurity. The decision under Mr. Kalanick not to disclose the breach raises more questions about Uber’s past management after a year of scandals and legal issues. While Mr. Kalanick learned of the breach about a month after it happened, Uber decided not to tell riders, drivers and the government, paying $100,000 to two hackers to destroy the data.
Srikanth Paruchuri, a professor at Penn State University who has studied the effects of corporate malfeasance on firms and industries, said valuations fall not only because of the additional costs of litigation or regulation, but because of rising fears about the unknown. With Uber, “it increases the uncertainty about what is hidden,” Mr. Paruchuri said.