Uber is being sued in US for failing to report major data breach from 2016

The US state of Washington has sued Uber for failing to report a major data breach from 2016, in which the data of 57 million Uber accounts was stolen. This case could cost Uber many millions of dollars.

The Washington State Attorney General has sued Uber for violating a law that protects consumers and a law that requires companies to report security vulnerabilities. This latest Washington state law requires a notification to be made within 45 days if at least 500 residents are affected. However, that only happened on November 21, 371 days after the theft was discovered.

Witness the charges, the state is seeking $2,000 per violation, which could lead to damages in the amount of millions of dollars, according to the plaintiff; it would be ‘thousands of violations’. There are at least 10,888 people from Washington state whose names and driver’s license numbers have been stolen. If that $2,000 claim is for a violation against each affected person, the aggregate amount claimed could exceed $20 million.

On November 21, Uber announced that there had been a major data theft in 2016. Hackers then looted the names, email addresses and mobile phone numbers of 57 million users. Also, the names and driver license numbers of 600,000 drivers in the US were downloaded. Director Dara Khosrowshahi admitted that Uber didn’t disclose this fact in 2016, but he said nothing about the claim that Uber paid the hackers to keep the data theft quiet.