Uber is in hot water! The ride-sharing company is being sued by none other than Pennsylvania’s Attorney General, Josh Shapiro. The attorney general wants to bring them to court for hiding a data breach from customers for more than 12 months.
Shapiro discovered that Uber purposely hid a major hack from its clients for over a year. The incident occurred in October 2016 and Uber notified the public in November 2017. The company used this time to pay the hackers to delete the stolen data and keep quiet about the whole fiasco.
The hackers managed to access and steal names, email addresses, phone numbers, and even driver’s license numbers. Around 25 million users and drivers in the US were affected by the breach. Thankfully, no credit card information or Social Security numbers were stolen. Uber’s chief legal officer, Tony West, highlighted this fact heavily in a public statement: “While we do not in any way minimize what occurred, it’s crucial to note that the information compromised did not include any sensitive consumer information such as credit card numbers or Social Security numbers, which present a higher risk of harm than driver’s license numbers.”
That doesn’t seem to faze the AG, who has been outspoken in his statements: “[it was an] outrageous corporate misconduct.” For him, the misconduct is clear as day: “Uber paid the hackers at least $100,000 to delete the acquired consumer data and keep quiet about the breach.”
Under the state’s law, Uber could be fined $1,000 for each violation. In the end, that would amount to $13.5 million!
In other cybersecurity news, US authorities are currently doing their best to uncover and punish cyber crimes. Attorney General Jeff Sessions has recently announced the formation of a task force with that exact purpose in mind.