Lawsuits Pile Up on Uber

  /     /     /  
Publicated : 22/11/2024   Category : security


Lawsuits Pile Up on Uber


Washington AG files multimillion-dollar consumer protection lawsuit; multiple states also confirm they are investigating the Uber breach, which means more lawsuits may follow.



Its been quite a week for Uber as the lawsuits from its recent high-profile breach keep on coming. The popular ride-hailing company has been under fire ever since it was
disclosed
that the company took more than a year to notify consumers of a breach, after which it allegedly paid hackers $100,000 to keep the attack quiet.
The hack reportedly affected 57 million people worldwide and exposed names and drivers license numbers of some 600,000 drivers in the United States.  
First, on Monday, the city of
Chicago
and Cook County filed a lawsuit asking the court to fine Uber $10,000 a day for each violation of a consumers privacy. The suit contends Uber took much too long to report the breach.
Next, on Tuesday,
Washington
State Attorney General Bob Ferguson filed a consumer protection lawsuit against Uber, asking for penalties of up to $2,000 per violation. The lawsuit alleges that at least 10,888 Uber drivers in Washington were breached, so the lawsuit could result in millions of dollars of penalties.
On top of the two lawsuits from state and local governments, Uber has also been hit with two class-action lawsuits. Both cases were filed last week. The first,
Alejandro Flores v. Raiser
was filed in federal court in Los Angeles. The second lawsuit,
Danyelle Townsend and Ken Tew v. Uber
, was filed in federal court in San Francisco.
Multiple state governments also say that they are conducting investigations into the Uber breach. Dark Reading has confirmed ongoing investigations by the states of Connecticut, Massachusetts, Missouri, and New York.   
The lawsuit by the state of Washington was seen as significant, because it was the first lawsuit against Uber filed by a state government. Under a 2015 amendment to the states data breach law, consumers must be notified within 45 days of a breach, and the Attorneys Generals office also must be notified within 45 days if the breach affects 500 or more Washington residents. Tuesdays lawsuit was the first one filed under the revised statute.
Washington law is clear: When a data breach puts people at risk, businesses must inform them, Ferguson said in a press release. Ubers conduct has been truly stunning. There is no excuse for keeping this information from consumers.
Craig Spiezle, chairman emeritus of the Online Trust Alliance, says the Uber case may spark renewed calls for national data breach legislation. In the past, theres been a general consensus for such a measure because companies must grapple with the cost of  handling the compliance requirements of 48 separate state data breach laws.
The European Union has a data breach notification requirement of 72 hours, says Spiezle, who worked closely with Attorney General Ferguson on the data breach law in Washington. While three days is really not enough time, I think Washingtons 45-day law is very generous. Ive actually been on the record calling for a notification period of 10 days.
The last time the federal government talked seriously about national data breach legislation was in early 2015. At the time, the Obama administration called for a notification period of 30 days. Legislation sponsored that year by Sen. Tom Carper (D-Del) and Sen. Roy Blunt (R-Mo.) would have required companies to notify federal agencies and consumers of a breach that affects more than 5,000 consumers. Few other details were released, such as which agencies companies should report to first, the Department of Homeland Security or the FBI, and the issue slowly died as the 2016 election year morphed into 2017, the nations first under the Trump administration. 
In response to this most recent Uber case, Sen. Richard Blumenthal (D-Conn.) last week called for the Federal Trade Commission to investigate the Uber breach and impose strict penalties. And Sen. Mark Warner (D-Va.) has expressed support for national data breach legislation. A spokesman for Sen. Warner would offer no new details and would only say national data breach legislation continues to be a top priority for the senator.
Efforts to reach Sen. John Thune (R-S.D.) were unsuccessful. Sen. Thune chairs the Senates Commerce, Science and Transportation committee, which could potentially play an important role in any national data breach legislation. 
Related Content:
Ubers Security Slip-ups: What Went Wrong
Why Security Depends on Usability -- and How to Achieve Both
Security Gets Social: 10 of Dark Readings Most Shared Stories

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Lawsuits Pile Up on Uber