Uber's massive hack: What we know

"According to Andrea Matwyshyn, professor of law and computer science at Northeastern University, if companies help cyber criminals make money off hacks, they will only continue.

"The problem with viewing this as some sort of simple risk management decision is that it underestimates the basis for an attacker's business model," Matwyshyn told CNN Tech. "It doesn't address the underlying problem in your own organization -- your security practices need revision and you're failing to adequately protect your assets including your own proprietary information, and your customers' data.""