The Pennsylvania Attorney General’s Office filed a lawsuit against Uber Technologies for its failure to disclose the 2016 massive data breach.
In a statement, AG Shapiro said Uber violated the Pennsylvania Breach of Personal Information Notification Act. The ride-sharing company knew about the problem for than a year. However, it did not immediately inform people affected by the data breach.
In November, Uber disclosed that hackers stole the personal data of 57 million people worldwide including 600,000 U.S. drivers. The ride-sharing company tried to conceal the data breach. It paid the hackers $100,000 to delete the stole data and keep the breach secret.
Uber committed outrageous corporate misconduct
On Monday, AG Shapiro said the data breach affected at least 13,500 Pennsylvania drivers. Under the state’s data breach notification law, Uber is required to notify the persons affected by the incident within a reasonable period. The ride-sharing company failed to comply with the law.
According to AG Shapiro, “Uber violated Pennsylvania law by failing to put our residents on timely notice of this massive data breach. Instead of notifying impacted consumers of the breach within a reasonable amount of time, Uber hid the incident for over a year – and actually paid the hackers to delete the data and stay quiet. That’s just outrageous corporate misconduct, and I’m suing to hold them accountable and recover for Pennsylvanians.”