Whether it is breaking a window with a rock or suffering a massive cyberbreach, the common parental refrain still rings true: the coverup can be worse than the act. Unfortunately for Uber, the popular ride-sharing company, that lesson is being re-learned the hard way.

In the face of mounting lawsuits, from class action suits to government-initiated complaints, Uber’s failure to timely disclose a 2016 cyberattack has become a case study in what can go wrong if a company fails to implement and execute a data breach response plan.