Uber Faces Lawsuit in Pennsylvania Over 2016 Data Breach

  /     /     /  
Publicated : 22/11/2024   Category : security


Uber Faces Lawsuit in Pennsylvania Over 2016 Data Breach


Pennsylvanias attorney general has filed a lawsuit against Uber, claiming that 13,500 residents had their personal information compromised and the company did not alert its customers.



Pennsylvania Attorney General Josh Shapiro has filed a consumer-protection lawsuit against Uber, claiming that the company violated the states consumer protection laws, following a massive data breach disclosed last year.
In the lawsuit, filed March 5, Shapiro claims that 13,500 Pennsylvania drivers who work for Uber had their first name, last name and drivers license numbers stolen during the October 2016 data breach. Uber did not notify drivers and consumers until November 2017.
Since Uber did not notify the drivers in accordance to state law, the company violated Pennsylvanias Breach of Personal Information Notification Act, which requires identity theft victims affected by a data breach to be notified within a reasonable timeframe.
(Source:
iStock
)
Under state law, Uber faces a $1,000 fine for each violation, meaning that the company is looking at a potential $13.5 million lawsuit from the AGs office.
Instead of notifying impacted consumers of the breach within a reasonable amount of time, Uber hid the incident for over a year -- and actually paid the hackers to delete the data and stay quiet, 
Shapiro wrote in a statement
. Thats just outrageous corporate misconduct, and Im suing to hold them accountable and recover for Pennsylvanians.
In November, the companys new CEO Dara Khosrowshahi announced in a blog post that company was the victim of a massive data breach which compromised the personal information of about 57 million Uber users and drivers. The theft included names, email addresses, mobile phone numbers, and US drivers license numbers. (See
Uber Loses Customer Data: Customers Yawn & Keep Riding
.)
Adding insult to injury is that, during the 13-month delay in notifying victims, Uber apparently worked to cover up the incident with federal regulators and then paid about $100,000 to the cyberthieves to erase the stolen data.
The fundamentals of network security are being redefined -- dont get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth annual 
Big Communications Event
. Theres still time to register and communications service providers get in free!
The breach actually happened while Travis Kalanick, Ubers founder, was still working as the companys CEO.
In a statement to Security Now, Tony West, Ubers chief legal officer, 
noted
:

While I was surprised by Pennsylvanias complaint this morning, I look forward to continuing the dialogue weve started as Uber seeks to resolve this matter. We make no excuses for the previous failure to disclose the data breach. While we do not in any way minimize what occurred, its crucial to note that the information compromised did not include any sensitive consumer information such as credit card numbers or social security numbers, which present a higher risk of harm than drivers license numbers.

In his statement, Shapiro noted that his office is continuing to investigate the incident and is urging anyone who may have had their identity stolen to contact the AGs office.
Related posts:
Retail Security Threat Season is in Full Swing
My Cybersecurity Predictions for 2018, Part 3: Protecting Killer Cars
My Cybersecurity Predictions for 2018, Part 1: Following Trends & the FTC
Autonomous Cars Must Be Secure to Be Safe
— Scott Ferguson, Editor, 
Enterprise Cloud News
. Follow him on Twitter 
@sferguson_LR
.

Last News

▸ There are plenty of online tools for reporting bugs. ◂
Discovered: 23/12/2024
Category: security

▸ 27 Million South Koreans Hit by Online Gaming Theft. ◂
Discovered: 23/12/2024
Category: security

▸ Homeland Security Background Checks Breach Raises Concerns. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Uber Faces Lawsuit in Pennsylvania Over 2016 Data Breach