DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Pennsylvania’s attorney general sues Uber over 2016 data breach

Posted on March 5, 2018 by Dissent
Stock image: Dreamstime

Harper Neidig reports that the Pennsylvania Attorney General is suing Uber over its 2016 data breach. The following is the state’s press release:

HARRISBURG – Pennsylvania Attorney General Josh Shapiro today filed a lawsuit against Uber Technologies, Inc. for violating Pennsylvania’s data breach notification law.  Uber knew for more than a year that a data breach potentially impacting 57 million passengers and drivers around the world had happened – but the company failed to disclose the breach until last November.

At least 13,500 Pennsylvania Uber drivers were impacted by the breach. Their first and last names and their drivers’ license numbers were stolen by hackers. Under Pennsylvania’s data breach notification law, Uber was required to notify impacted persons of the breach within a reasonable time frame, but the company failed its duty to do so.

“Uber violated Pennsylvania law by failing to put our residents on timely notice of this massive data breach,” Attorney General Shapiro said. “Instead of notifying impacted consumers of the breach within a reasonable amount of time, Uber hid the incident for over a year – and actually paid the hackers to delete the data and stay quiet. That’s just outrageous corporate misconduct, and I’m suing to hold them accountable and recover for Pennsylvanians.”

The lawsuit alleges Uber violated the Pennsylvania Breach of Personal Information Notification Act, which requires notice to persons impacted by a data breach within a “reasonable” time frame. The suit represents the first time Attorney General Shapiro is suing under that statute on consumers’ behalf. Under the law, the Attorney General’s office may seek remedies of up to $1,000 for each violation. With at least 13,500 Uber drivers impacted by the breach, the Attorney General’s legal team can seek civil penalties as high as $13.5 million from Uber.

A second claim in the lawsuit against Uber alleges the company’s conduct violated the Pennsylvania Unfair Trade Practices and Consumer Protection Law.

Attorney General Shapiro’s Bureau of Consumer Protection began investigating the Uber breach as soon as the company publicly disclosed it last fall. As many as 43 state Attorneys General have been investigating this data breach. Attorney General Shapiro directed his Bureau of Consumer Protection to file a lawsuit, and the suit was submitted this morning to the Philadelphia Court of Common Pleas.

The theft of drivers’ license information may leave persons vulnerable to identity theft, as thieves who gain access to the information use it to establish phony credit card accounts and run up huge debts in consumers’ names. Oft-times, stolen drivers’ license numbers are sold on the dark web as cyber-criminals build complete packages of information to steal a person’s identity. 

Another factor is the many other data breaches taking place around the same time as the Uber breach.  Personal financial data such as the kind stolen from consumers during the Equifax data breach – a massive breach impacting nearly 148 million Americans and at least 5.5 million Pennsylvanians – could  be combined by cyber-criminals with data stolen during the Uber breach to put together fraudulent profiles.

“The more personal information these criminals gain access to, the more vulnerable the person whose information was stolen becomes,” Attorney General Shapiro said. “That’s why my Bureau of Consumer Protection is not only taking action in the Uber breach today – we are also leading a national investigation into the Equifax breach.”

Pennsylvania drivers impacted by the Uber breach finally began receiving notice from the company of the breach beginning last November – more than a year after the breach occurred.

Attorney General Shapiro encouraged any Pennsylvanian who believes he or she may have been impacted by the Uber breach to file a complaint with his Bureau of Consumer Protection.

“We want to hear from you,” Attorney General Shapiro said. “Call my Bureau of Consumer Protection at 1-800-441-2555 or email us at [email protected]. Call me. We’re standing up to this company, and we need to know if you’ve been harmed.”

Attorney General Shapiro also recommended any Uber drivers in Pennsylvania who believe they were impacted by the breach should monitor their credit report to protect themselves from any further vulnerability.

Deputy Attorney General Timothy Murphy is the lead Bureau of Consumer Protection attorney on the Uber lawsuit.

Category: Business SectorOf Note

Post navigation

← Professor in department of health services unintentionally releases personal student information via email
N.C. Attorney General, State Representative Drafting Bipartisan Bill To Combat Security Breaches →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Iranian Man Pleaded Guilty to Role in Robbinhood Ransomware
  • Developments surrounding data breach at Dutch police
  • Estonia launches international search for Moroccan citizen wanted over data theft
  • Now it’s Tiffany: Another LVMH luxury brand hit by hackers
  • Dutch Government: More forms of espionage to be a criminal offence from 15 May onwards
  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)
  • Private Industry Notification: Silent Ransom Group Targeting Law Firms
  • Data Breach Lawsuits Against Chord Specialty Dental Partners Consolidated
  • PA: York County alerts residents of potential data breach
  • FTC Finalizes Order with GoDaddy over Data Security Failures

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.