Washington AG sues Uber in wake of data breach

The Washington state Attorney General Bob Ferguson filed a lawsuit against Uber over its failure to disclose a data breach that exposed the data of nearly 57 million customers.

Mr. Ferguson alleges the ride-sharing company violated a state law when it failed to inform customers their data had been stolen in 2015. Instead, Uber reportedly paid hackers $100,000 to cover up a cyberattack in which they stole names, email addresses and phone numbers of 50 million Uber riders around the world, as well as the personal information of 7 million drivers, including nearly 600,000 U.S. driver's license numbers. 

"Washington law is clear: When a data breach puts people at risk, businesses must inform them," Mr. Ferguson said. "Uber's conduct has been truly stunning. There is no excuse for keeping this information from consumers."

The attack remained a secret for just over a year until officials at Uber ousted its chief security officer and one of his deputies for their roles in the cover-up.

In Washington, companies are required to disclose data breaches to affected customers and the AG's office within 45 days. Now, Mr. Ferguson is seeking a penalty of up to $2,000 for each day past the 45-day deadline Uber waited to disclose the breach. Since the company waited until Nov. 21, 2017, or nearly 372 days, to report the breach to Washington, the settlement could be millions of dollars.

The complaint was filed Tuesday in King County Superior Court.

More articles on cybersecurity: 

Federal government considers digital currency

Microsoft plans to rebuild its Redmond headquarters, aims for mini-city feel

4 new Amazon cloud tools introduced at re:Invent

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Top 40 Articles from the Past 6 Months