LONDON (Reuters) - Uber’s [UBER.UL] secret $100,000 pay-off to hackers to cover up a massive breach of customer and driver data at the ride-hailing firm raises “huge concerns” about its data policies and ethics, Britain’s data protection regulator said on Wednesday.

“Deliberately concealing breaches from regulators and citizens could attract higher fines for companies,” James Dipple-Johnstone, deputy commissioner of the UK Information Commissioner’s Office, said in a statement.

The maximum penalty is 500,000 pounds ($662,350.00) under current British law for organizations that fail to notify affected users and regulators when data breaches occur.

The new management of San Francisco-based Uber said on Tuesday that it had only learned recently that personal information from about Uber 57 million accounts had been stolen in 2016. Chief Executive Dara Khosrowshahi, who replaced co-founder Travis Kalanick as CEO in August, said the company had fired two senior security officials involved in the cover-up.

Uber said it was in the process of notifying various regulatory authorities but declined to comment further.

($1 = 0.7549 pounds)