PA AG Sues Uber Over Data Breach

Uber data breach litigation

Uber Technologies was handed a lawsuit from Pennsylvania Attorney General (AG) Josh Shapiro on Monday (March 5) over charges it violated the state’s data breach notification law.

In a press release, the AG’s office said Uber knew for more than a year that it had been hit by a data breach that could have impacted its 57 million customers and drivers but failed to disclose knowledge of it to the public. Reports have surfaced that Uber even paid the hackers $100,000 to keep the breach quiet.

“Uber violated Pennsylvania law by failing to put our residents on timely notice of this massive data breach,” Attorney General Shapiro said in the press release. “Instead of notifying impacted consumers of the breach within a reasonable amount of time, Uber hid the incident for over a year — and actually paid the hackers to delete the data and stay quiet. That’s just outrageous corporate misconduct, and I’m suing to hold them accountable and recover for Pennsylvanians.”

According to Shapiro, at least 13,500 Pennsylvania Uber drivers were impacted by the breach, with their first and last names and drivers’ license numbers stolen by hackers. Under Pennsylvania’s data breach notification law, Uber was required to notify those impacted within a reasonable timeframe, which it failed to do. Under the Pennsylvania Breach of Personal Information Notification Act, the AG’s office can seek remedies of up to $1,000 for each violation. With at least 13,500 Uber drivers from the state impacted, the AG can seek civil penalties of as much as $13.5 million from the ridesharing company.

In addition to violating the breach notification law, the AG’s office said Uber also violated the  Pennsylvania Unfair Trade Practices and Consumer Protection Law.

“The more personal information these criminals gain access to, the more vulnerable the person whose information was stolen becomes,” Attorney General Shapiro said. “That’s why my Bureau of Consumer Protection is not only taking action in the Uber breach today — we are also leading a national investigation into the Equifax breach.”



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.