Washington state sues Uber for millions over data breach cover up

Casey Dawson
November 30, 2017

Last week, Uber acknowledged that more than a year ago, it paid hackers a US$100,000 (NZ$145,050) ransom to destroy personal data they stole concerning more than 57 million of its customers and drivers. The suit is the first enforcement action under the 2015 amendments to Washington's data breach law, and the damages theory will likely amount to several millions of dollars.

"In the United Kingdom this involved approximately 2.7 million riders and drivers", Uber wrote in a blog post on Wednesday.

Separately, prosecutors in the USA have heard that Uber may have hired ex-CIA intelligence operatives to conduct surveillance on its rivals.

"When [the breach] happened, we took immediate steps to secure the data, shut down further unauthorised access, and strengthen our data security", the company added.

The stolen information includes names, email addresses and phone numbers and - for U.S. drivers - licence numbers.

Trump drops 'Pocahontas' jibe to Native American veterans
He seized in particular on questions about her heritage, which surfaced during her 2012 Senate race challenging incumbent Sen. This is what my brothers and I were told by my mom and my dad, my mammaw and my pappaw.

The attorney general is seeking a penalty of $2,000 for each of the almost 11,000 Washington residents affected by the breach.

Several states, including Missouri, Massachusetts and NY, have opened investigations, and the city of Chicago sued Uber on Tuesday for failing to notify affected residents. "The order also requires Uber to implement a comprehensive program to protect the privacy and confidentiality of the personal information it collects and maintains".

In Britain, Uber drew around 2.85 million users, on average, over the past three months, according to web and mobile app traffic measurement firm SimilarWeb, indicating that most British Uber users were likely caught up in the breach.

Ferguson's lawsuit is the first from a state, although attorneys general in New York, Missouri, Massachusetts, Connecticut and IL have begun investigations, and the city of Chicago and Cook County have filed a lawsuit. However, Attorney General Ferguson contends that each day that Uber failed to report the breach to each of the drivers-as well as to his office-counts as a separate violation. If that penalty were applied to each of the affected drivers in Washington, it would total almost $22 million in penalties.

"We have seen no evidence of fraud or misuse tied to the incident", Uber said in a statement.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER