Uber
Future Society

Uber Is Getting Sued for Not Disclosing Its 2016 Data Breach

The Pennsylvania Attorney General is displeased.

Chelsea GohdMarch 5th 2018

Uber Data Everywhere

This morning, Pennsylvania Attorney General Josh Shapiro filed a lawsuit against Uber relating to a major data breach. The breach took place in October 2016, but Uber didn’t notify users about it until November 2017, which Shapiro alleges is illegal.

“Uber violated Pennsylvania law by failing to put our residents on timely notice of this massive data breach,” he said in a press release. “Instead of notifying impacted consumers of the breach within a reasonable amount of time, Uber hid the incident for over a year – and actually paid the hackers to delete the data and stay quiet. That’s just outrageous corporate misconduct, and I’m suing to hold them accountable and recover for Pennsylvanians.”

The massive data breach compromised the data of a staggering 57 million Uber users, and not just customers. Of the 25 million U.S. users affected, 4.1 million were Uber drivers, and the hackers gained access to their names, email addresses, phone numbers, and driver’s license numbers.

Shapiro has the power to sue Uber for $1,000 per violation against a Pennsylvania resident, which adds up to roughly 13,500 violations. If the state wins its case, Uber could owe upwards of $1.3 million.

Breaches Happen

Uber is no stranger to legal trouble and scandal. In 2017 alone, the company faced criticism for its toxic culture, history of workplace harassment, and involvement in President Trump’s advisory council. It also dealt with lawsuits, leadership issues, resignations, a government investigation, backlash against the misuse of a passenger’s medical records after a sexual assault that occurred in an Uber ride, which led to another lawsuit, and so much more.

Based on Shapiro’s lawsuit, it looks like the company’s 2018 might not be any less tumultuous.

Of course, Uber isn’t the first company targeted by hackers, but Shapiro isn’t suing Uber because of the data breach. He’s suing the company for its response to the breach.

While other major companies should do everything they can to protect users’ data, breaches can and do happen. At that point, a company has a responsibility to inform its customers about the situation.

Ultimately, by suing Uber, Shapiro could deliver a wake-up call to companies that think keeping users in the dark is an acceptable response when hackers access their data.

Keep up. Subscribe to our daily newsletter.

I understand and agree that registration on or use of this site constitutes agreement to its User Agreement and Privacy Policy
Next Article
////////////