Pennsylvania the latest state to sue Uber for failing to disclose 2016 data breach
Pennsylvania sued Uber Technologies Inc. today, becoming the latest government to take legal action over the ride-hailing giant’s coverup of a data breach that affected 57 million customer and contractors in 2016.
The new suit, announced by Attorney General Josh Shapiro Monday, alleges that Uber violated Pennsylvania’s Breach of Personal Information Notification Act, a law that requires companies that experience a data breach to notify those affected within a reasonable time.
“Uber violated Pennsylvania law by failing to put our residents on timely notice of this massive data breach,” Shapiro said in a statement. “Instead of notifying impacted consumers of the breach within a reasonable amount of time, Uber hid the incident for over a year – and actually paid the hackers to delete the data and stay quiet. That’s just outrageous corporate misconduct, and I’m suing to hold them accountable and recover for Pennsylvanians.”
The suit itself addresses compensation for Uber drivers specifically. Shapiro claims there are 13,500 in his state, and the lawsuit seeks payment of $1,000 for each violation, $13.5 million in total.
Pennsylvania joins a growing list of states and municipalities that have filed lawsuits against Uber. After it was reported in November that at least five states were investigating Uber over their failure to disclose its data breach, Washington became the first to file a lawsuit in later the same month, followed by the City of Chicago on the same grounds as Pennsylvania — failure to comply with its local data breach notification law.
The number may well yet grow. The Hill reported that there are now 43 states investigating Uber over the matter.
For its part, Uber said that although it was disappointed by Pennsylvania’s lawsuit, it took responsibility for the failure to disclose.
“We make no excuses for the previous failure to disclose the data breach,” Uber’s chief legal officer, Tony West said in statement. “While we do not in any way minimize what occurred, it’s crucial to note that the information compromised did not include any sensitive consumer information such as credit card numbers or Social Security numbers, which present a higher risk of harm than driver’s license numbers.”
Photo: ell-r-brown/Flickr
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU