PA AG Sues Uber Over Data Breach

Uber data breach litigation

Uber Technologies was handed a lawsuit from Pennsylvania Attorney General (AG) Josh Shapiro on Monday (March 5) over charges it violated the state’s data breach notification law.

In a press release, the AG’s office said Uber knew for more than a year that it had been hit by a data breach that could have impacted its 57 million customers and drivers but failed to disclose knowledge of it to the public. Reports have surfaced that Uber even paid the hackers $100,000 to keep the breach quiet.

“Uber violated Pennsylvania law by failing to put our residents on timely notice of this massive data breach,” Attorney General Shapiro said in the press release. “Instead of notifying impacted consumers of the breach within a reasonable amount of time, Uber hid the incident for over a year — and actually paid the hackers to delete the data and stay quiet. That’s just outrageous corporate misconduct, and I’m suing to hold them accountable and recover for Pennsylvanians.”

According to Shapiro, at least 13,500 Pennsylvania Uber drivers were impacted by the breach, with their first and last names and drivers’ license numbers stolen by hackers. Under Pennsylvania’s data breach notification law, Uber was required to notify those impacted within a reasonable timeframe, which it failed to do. Under the Pennsylvania Breach of Personal Information Notification Act, the AG’s office can seek remedies of up to $1,000 for each violation. With at least 13,500 Uber drivers from the state impacted, the AG can seek civil penalties of as much as $13.5 million from the ridesharing company.

In addition to violating the breach notification law, the AG’s office said Uber also violated the  Pennsylvania Unfair Trade Practices and Consumer Protection Law.

“The more personal information these criminals gain access to, the more vulnerable the person whose information was stolen becomes,” Attorney General Shapiro said. “That’s why my Bureau of Consumer Protection is not only taking action in the Uber breach today — we are also leading a national investigation into the Equifax breach.”



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.