PHILADELPHIA (CBS) – The Pennsylvania attorney general has filed a lawsuit against Uber after a 2016 data breach impacted more than 13,000 Pennsylvania Uber drivers.
Attorney General Josh Shapiro says the ride-sharing company knew about the breach for more than a year but the company failed to disclose it until last November.
“Instead of notifying impacted consumers of the breach within a reasonable amount of time, Uber hid the incident for over a year – and actually paid the hackers to delete the data and stay quiet. That’s just outrageous corporate misconduct,” said Shapiro.
Shapiro says under Pennsylvania’s data breach notification law, Uber was required to notify impacted persons of the breach within a “reasonable” time.
“I’m suing to hold them accountable and recover for Pennsylvanians,” said Shapiro.
According to the lawsuit, at least 13,500 Pennsylvania Uber drivers had their license numbers stolen.
Uber says they have taken a series of steps to be accountable and respond responsibly.
“We investigated the incident, disclosed the circumstances to state and federal regulators, and reached out to state Attorneys General, including Attorney General Shapiro, to express Uber’s desire to cooperate fully with any investigations. While we dispute the accuracy of some of the characterizations in the Pennsylvania Attorney General’s lawsuit, we will continue to cooperate with them and ask only that we be treated fairly.”
Shapiro is encouraging any Pennsylvanian who believes he or she may have been impacted by the Uber breach to file a complaint with his Bureau of Consumer Protection.
“We want to hear from you,” Shapiro said. “Call my Bureau of Consumer Protection at 1-800-441-2555 or email us at firstname.lastname@example.org. Call me. We’re standing up to this company, and we need to know if you’ve been harmed.”
Those who believe they were impacted by the breach should also monitor their credit report to protect themselves from any further vulnerability.
About 57 million passengers and drivers around the world may have been impacted in the data breach.