Summary: This week Uber disclosed it had paid hackers $100,000 to not publicly disclose a data breach that affected 57 million people worldwide.
An upset customer sued Uber on Tuesday after the ride-share company announced that it had a massive data breach last year that affected 57 million people. The multi-billion dollar company not only was hacked, but they paid $100,000 to keep the incident under wraps, an act that has prompted the government and a few states to launch investigations.
The class-action seeking lawsuit was filed in Los Angeles on Tuesday by a disgruntled customer, according to Bloomberg.
“Uber failed to implement and maintain reasonable security procedures and practices appropriate to the nature and scope of the information compromised in the data breach,” the complaint said.
The plaintiff is suing on behalf of 50 million consumers and 7 million drivers who had their data exposed by Uber in 2016 and were only notified of the breach this week. According to Uber, names and addresses were accessed by hackers but social security numbers and credit card information was not.
In the lawsuit, plaintiff Alejandro Flores accused Uber of failing to keep customer data safe.
On Wednesday, a second lawsuit was filed by Danyelle Townsend and Ken Tew in San Francisco, according to ARS Technica. Like Flores, they also accused Uber of not having safety measures in place and were seeking class-action status.
“Major corporations like Uber face a higher threat of security breaches than smaller companies due in part to the large amounts of data they possess,” the second lawsuit wrote. “Uber knew or should have known its security systems were inadequate, particularly in light of the prior data breaches that Uber had experienced, and yet Uber failed to take reasonable precautions to safeguard the PII of Plaintiffs and members of the Nationwide Class.”
Huffington Post reported that numerous federal and state agencies announced that they are launching inquiries into Uber because of the hack. The U.S. Federal Trade Commission (FTC) and Connecticut, Illinois, Massachusetts, Missouri and New York said on Wednesday that they will begin probes soon. Officials in Australia, Britain, and the Philippines also said they would look into the matter.
Keller Rohrback, the law firm representing the second lawsuit, said that Uber paying off hackers put its consumers at risk.
“By choosing not to disclose this massive data breach and attempting to mitigate the breach by paying the hackers to destroy the data, Uber has essentially rolled the dice with its customers’ and drivers’ personal identities,” Cari Campen Laufenberg of Keller Rohrback attorney told ARS Technica. “What’s more, it has done so for more than a year–denying these victims the crucial opportunity to take timely steps to mitigate the disclosure of their private information.”
Uber declined to comment on the pending litigation.
- Former Uber CEO Travis Kalanick Fights Back against Benchmark Lawsuit
- Judge Sends Benchmark’s Lawsuit against Former Uber CEO to Arbitration
- Disability Groups Claim Uber Is Discriminating against Them