Uber sued after data stolen by hackers covered up

March 5, 2018 by Marc Levy

The ride-hailing company Uber broke Pennsylvania law when it failed to notify potential victims, including thousands of drivers, for a year after it discovered hackers had stolen their personal information, said the state attorney general, who sued the company Monday.

The lawsuit, filed in Philadelphia, said hackers stole the names and driver's license numbers of at least 13,500 Pennsylvania Uber drivers. It accused Uber of violating a state law requiring it to notify victims of a data breach within a "reasonable" time frame.

"Instead of notifying impacted consumers of the breach within a reasonable amount of time, Uber hid the incident for over a year—and actually paid the hackers to delete the data and stay quiet," state Attorney General Josh Shapiro said in a statement. "That's just outrageous corporate misconduct, and I'm suing to hold them accountable and recover for Pennsylvanians."

Shapiro's office did not have details about riders who were affected, but asked Pennsylvanians who believes they may have been harmed by the Uber hack to file a complaint with the office.

Uber revealed in November that hackers in 2016 had stolen the names, email addresses and mobile phone numbers of 57 million riders around the world. The thieves also nabbed the driver's license numbers of 600,000 Uber drivers in the U.S. The breach did not include any credit card information or Social Security information, Uber said.

When it revealed the hack, Uber said there was no evidence the stolen data had been misused. It acknowledged paying the hackers $100,000 to destroy the stolen information.

Washington state and Chicago have sued Uber, and attorneys general in other states have said they were investigating Uber's data breach.

Uber said it is cooperating with Pennsylvania investigators.

"I've been up front about the fact that Uber expects to be held accountable; our only ask is that Uber be treated fairly and that any penalty reasonably fit the facts," Uber said in statement from its chief legal officer, Tony West.

The lawsuit seeks civil penalties into the millions of dollars, including $1,000 for each violation of consumer protection laws and $3,000 for each violation involving a victim who is 60 or older.

It is the first time Pennsylvania has sued under a 12-year-old state law that makes failing to notify potential victims of a breach of personal information punishable under consumer protection laws.

Explore further: Washington state sues Uber over data breach cover-up

Related Stories

Washington state sues Uber over data breach cover-up

November 28, 2017

Washington state is suing the ride-hailing company Uber, saying it broke state law when it failed to notify more than 10,000 drivers in the state that their personal information was accessed as part of a major data breach.

Uber in London court in employment case

September 27, 2017

Uber lawyers are in a London courtroom trying to overturn a ruling that its drivers are employees of the ride-hailing service—not independent contractors.

Uber limits driver hours in Britain to 10

January 16, 2018

US ride-hailing app Uber on Tuesday said it would cap the number of hours its drivers can work in Britain from next week in a bid to increase safety after heavy criticism of its business practices.

Uber in legal crosshairs over hack cover-up

November 22, 2017

Two US states on Wednesday confirmed they are investigating Uber's cover-up of a hack at the ride-sharing giant that compromised the personal information of 57 million users and drivers.

Recommended for you

In colliding galaxies, a pipsqueak shines bright

February 20, 2019

In the nearby Whirlpool galaxy and its companion galaxy, M51b, two supermassive black holes heat up and devour surrounding material. These two monsters should be the most luminous X-ray sources in sight, but a new study using ...

When does one of the central ideas in economics work?

February 20, 2019

The concept of equilibrium is one of the most central ideas in economics. It is one of the core assumptions in the vast majority of economic models, including models used by policymakers on issues ranging from monetary policy ...

Research reveals why the zebra got its stripes

February 20, 2019

Why do zebras have stripes? A study published in PLOS ONE today takes us another step closer to answering this puzzling question and to understanding how stripes actually work.

Correlated nucleons may solve 35-year-old mystery

February 20, 2019

A careful re-analysis of data taken at the Department of Energy's Thomas Jefferson National Accelerator Facility has revealed a possible link between correlated protons and neutrons in the nucleus and a 35-year-old mystery. ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.