Pennsylvania AG Sues Uber over 2016 Massive Data Breach

Uber faces lawsuit over 2016 data breach

The Pennsylvania Attorney General’s Office filed a lawsuit against Uber Technologies for its failure to disclose the 2016 massive data breach.

In a statement, AG Shapiro said Uber violated the Pennsylvania Breach of Personal Information Notification Act. The ride-sharing company knew about the problem for than a year. However, it did not immediately inform people affected by the data breach.

In November, Uber disclosed that hackers stole the personal data of 57 million people worldwide including 600,000 U.S. drivers. The ride-sharing company tried to conceal the data breach. It paid the hackers $100,000 to delete the stole data and keep the breach secret.

Uber committed outrageous corporate misconduct

On Monday, AG Shapiro said the data breach affected at least 13,500 Pennsylvania drivers. Under the state’s data breach notification law, Uber is required to notify the persons affected by the incident within a reasonable period. The ride-sharing company failed to comply with the law.

According to AG Shapiro, “Uber violated Pennsylvania law by failing to put our residents on timely notice of this massive data breach. Instead of notifying impacted consumers of the breach within a reasonable amount of time, Uber hid the incident for over a year – and actually paid the hackers to delete the data and stay quiet. That’s just outrageous corporate misconduct, and I’m suing to hold them accountable and recover for Pennsylvanians.”

The Pennsylvania AG’s Office may seek at least $13.5 million in civil penalties from the ride-sharing company. Under the law, the top legal counsel of the state may seek up to $1,000 for each violation.

AG Shapiro also stated that Uber violated the Pennsylvania Unfair Trade Practices and Consumer Protection Law. The Pennsylvania AG’s Office filed the lawsuit against the ride-sharing company with the Philadelphia Court of Common Pleas on Monday.

AG Shapiro is also leading a national investigation into the Equifax data breach, which affected 148 million Americans including 5.5 million Pennsylvanians.