Uber sued after data stolen by hackers covered up

Uber

The ride-hailing company Uber broke Pennsylvania law when it failed to notify potential victims, including thousands of drivers, for a year after it discovered hackers had stolen their personal information, said the state attorney general, who sued the company Monday.

The lawsuit, filed in Philadelphia, said hackers stole the names and driver's license numbers of at least 13,500 Pennsylvania Uber drivers. It accused Uber of violating a state law requiring it to notify victims of a data breach within a "reasonable" time frame.

"Instead of notifying impacted consumers of the breach within a reasonable amount of time, Uber hid the incident for over a year—and actually paid the hackers to delete the data and stay quiet," state Attorney General Josh Shapiro said in a statement. "That's just outrageous corporate misconduct, and I'm suing to hold them accountable and recover for Pennsylvanians."

Shapiro's office did not have details about riders who were affected, but asked Pennsylvanians who believes they may have been harmed by the Uber hack to file a complaint with the office.

Uber revealed in November that hackers in 2016 had stolen the names, email addresses and mobile phone numbers of 57 million riders around the world. The thieves also nabbed the driver's license numbers of 600,000 Uber drivers in the U.S. The breach did not include any credit card information or Social Security information, Uber said.

When it revealed the hack, Uber said there was no evidence the stolen data had been misused. It acknowledged paying the hackers $100,000 to destroy the stolen information.

Washington state and Chicago have sued Uber, and attorneys general in other states have said they were investigating Uber's data breach.

Uber said it is cooperating with Pennsylvania investigators.

"I've been up front about the fact that Uber expects to be held accountable; our only ask is that Uber be treated fairly and that any penalty reasonably fit the facts," Uber said in statement from its chief legal officer, Tony West.

The lawsuit seeks civil penalties into the millions of dollars, including $1,000 for each violation of consumer protection laws and $3,000 for each violation involving a victim who is 60 or older.

It is the first time Pennsylvania has sued under a 12-year-old state law that makes failing to notify potential victims of a breach of personal information punishable under consumer protection laws.


Explore further

Washington state sues Uber over data breach cover-up

© 2018 The Associated Press. All rights reserved.

Citation: Uber sued after data stolen by hackers covered up (2018, March 5) retrieved 22 July 2019 from https://phys.org/news/2018-03-uber-sued-stolen-hackers.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
13 shares

Feedback to editors

User comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more