Uber is in hot water – yet again. The ride-sharing company is getting sued by none other than Pennsylvania’s AG, Josh Shapiro. The attorney general want to go to court with them for hiding a data breach from customers for more than 12 months!
Pennsylvania Attorney General Josh Shapiro discovered that Uber purposely hid a major hack from its clients for over a year. The incident occurred in October 2016 and Uber notified the public in November 2017. The company used this time to pay the hackers to delete the data stolen and keep quiet about the whole fiasco.
The hackers managed to access and steal names, email addresses, phone numbers and even driver’s license numbers! Around 25 million users in the US were affected by the breach, with 4.1 million drivers. Thankfully, no credit card information or Social Security numbers were stolen. That’s the only thing Uber’s chief legal officer, Tony West, could use in his company’s favor: “While we do not in any way minimize what occurred, it’s crucial to note that the information compromised did not include any sensitive consumer information such as credit card numbers or Social Security numbers, which present a higher risk of harm than driver’s license numbers,” he said.
That doesn’t seem to faze the AG, who has been radical in his statements: “[it was an] outrageous corporate misconduct.” For him, the misconduct is clear as day: “Uber paid the hackers at least $100,000 to delete the acquired consumer data and keep quiet about the breach.” That’s all sorts of wrong, if you ask me.
For each violation, under the state’s law, Uber could get fined for $1,000. In the end, that would amount to $13.5 million!
US authorities are currently doing their best to uncover and punish cyber crimes. Attorney General Jeff Sessions has recently announced the formation of a task force with that exact purpose in mind.