Pennsylvania Sues Uber Over Data Breach Cover-Up
Ride-share company Uber has been sued yet again, this time by the Attorney General of Pennsylvania.
"Uber violated Pennsylvania law by failing to put our residents on timely notice of this massive data breach," Attorney General Josh Shapiro said. "Instead of notifying impacted consumers of the breach within a reasonable amount of time, Uber hid the incident for over a year – and actually paid the hackers to delete the data and stay quiet. That's just outrageous corporate misconduct, and I'm suing to hold them accountable and recover for Pennsylvanians."
The lawsuit, filed in the Philadelphia Court of Common Pleas on March 5, charges Uber with breaking state law by withholding information from thousands of drivers. Although hackers had stolen the names and driver license numbers of at least 13,500 Pennsylvania Uber drivers, the ride-share company did not disclose the fact until more than a year later.
In November, after intense public scrutiny, Uber finally admitted that the company had covered up a hacking attack that exposed the personal identifying information of around 57 million customers and drivers.
Under state law, the Attorney General's office could seek up to $1,000 per violation, amounting to a total of $13.5 million.
"The more personal information these criminals gain access to, the more vulnerable the person whose information was stolen becomes," Shapiro said.
The Pennsylvania lawsuit is not the first filing of its kind. In November, Washington State and the city of Chicago both sued the ride-share company over the same data breach.
Uber could not be reached for comment.