Lawsuit filed against Uber for massive data breach

  • Lawsuit filed against Uber for massive data breach

Lawsuit filed against Uber for massive data breach

The ride-hailing company Uber broke Pennsylvania law when it failed to notify potential victims, including thousands of drivers, for a year after it discovered hackers had stolen their personal information, said the state attorney general, who sued the company Monday. The suit represents the first time Attorney General Shapiro is suing under that statute on consumers' behalf. The Commonwealth says Uber broke state law by waiting a year to notify more than 13,000 drivers that their personal information had been stolen by hackers.

Uber failed to notify some 57 million users that their data - including names, email addresses, phone numbers and driver's license numbers - was exposed when hackers accessed that information in 2016, CEO Dara Khosrowhshahi revealed in November 2017.

In Pennsylvania, Shapiro says at least 13,500 Uber drivers were affected.

"Uber violated Pennsylvania law by failing to put our residents on timely notice of this massive data breach", said Shapiro in a press release.

The Attorney General's office may seek remedies of up to $1,000 for each violation, and with at least 13,500 Uber drivers impacted, the General's legal team could seek civil penalties as high as $13.5 million from Uber. "We investigated the incident, disclosed the circumstances to state and federal regulators, and reached out to state Attorneys General, including Attorney General Shapiro, to express Uber's desire to cooperate fully with any investigations".

The company published a post, "2016 Data Security Incident", written by its then-new CEO Dara Khosrowshahi to its website back on November 21, 2017.

Uber said it is cooperating with Pennsylvania investigators.

The stolen data had been stored on Uber's Amazon Web Services cloud account.

"While we make no excuses for the previous failure to disclose the data breach, Uber's new leadership has taken a series of steps to be accountable and respond responsibly", the spokesperson said in a statement. Over 50 million riders' and 7 million drivers' data was affected.

At least 43 states are now investigating the Uber breach, Mr. Shapiro's office said Monday.

As many as 43 attorneys general around the country have been investigating the data breach, which he said leaves drivers open to identity theft.

In the aftermath, Khosrowshahi said that two employees with its cybersecurity consulting firm were let go, they individually notified those with stolen driver's license numbers and provided those affected with free credit and identity theft monitoring, as well as finally notifying the regulatory authorities.

Fresh off settling Alphabet's self-driving lawsuit against the company, Uber's new Chief Legal Officer Tony West continues to grapple with a number of legal issues that he inherited.

"None of this should have happened, and I will not make excuses for it". "We are changing the way we do business".