Attorney General Shapiro Files Lawsuit against Uber for Massive Data Breach

2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f84990%2f514c4fc9 391c 44ce b24d 8df80bcfd3e0

"Instead of notifying impacted consumers of the breach within a reasonable amount of time, Uber hid the incident for over a year - and actually paid the hackers to delete the data and stay quiet".

Shapiro is suing the company for violating Pennsylvania's data breach notification law.

Shapiro said Uber's payoff was "outrageous corporate misconduct" in a statement.

The state is suing for damages up to $1,000 for each driver and for each violation, seeking penalties as high as $13.5 million. Personal financial data such as the kind stolen from consumers during the Equifax data breach - a massive breach impacting almost 148 million Americans and at least 5.5 million Pennsylvanians - could be combined by cyber-criminals with data stolen during the Uber breach to put together fraudulent profiles.

The company informed the public of the breach in November 2017. For example, personal information stolen from the Equifax breach could be combined with data from the Uber breach, giving criminals a greater opportunity to commit identity theft.

Any Pennsylvanians who believe they might have been impacted by the breach is encouraged to file a complaint with Shapiro's Bureau of Consumer Protection.

Data breaches have become a fact of life in a world devoted to apps, e-commerce and an internet overstuffed with personal information.

Pennsylvania joins a growing list of states and municipalities that have filed lawsuits against Uber. "Instead of notifying them in a timely fashion, they covered it up for more than a year".

The Pennsylvania attorney general's office is also taking multiple breaches into account.

The company published a post, "2016 Data Security Incident", written by its then-new CEO Dara Khosrowshahi to its website back on November 21, 2017.

Pennsylvania's attorney general is suing the ride-hailing company Uber, saying it broke state law when it failed to notify thousands of drivers for a year that hackers stole their personal information. Uber said this included first and last names, email addresses and phone numbers. "And as a result of that, we think that they violated two laws in Pennsylvania: our data breach notification law and our unfair trade practices law".

After learning about the breach, Khosrowshahi opened an investigation into how the company handled the incident and fired two people who handled the response process, including Joe Sullivan, Uber's chief security officer.

"We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers".

Kalanick resigned from his role as Uber's CEO back on June 21, which capped off a turbulent run for the company before launching its new driver-focused initiative.



Other news