Los Angeles is among the latest litigants lined up against ride-sharing behemoth Uber.
City Attorney Mike Feuer filed a lawsuit against the company on Monday, citing its failure to disclose a massive data breach which occurred in December 2016.
“We allege Uber violated California law, and public trust, when it hid this massive data breach,” said Feuer. “If any company should know better, it’s Uber, which reached a previous settlement after allegedly failing to provide timely notice to its user about an earlier security breach.”
Only last month did Uber admit it covered up the attack, in which hackers stole the personal information of nearly 60 million drivers and passengers.
“Uber and other companies holding vast amounts of private data need to safeguard it – and immediately come clean if the information is compromised,” said Feuer.
Rather than coming clean about the cyber-crime, Uber gave in to the demands of hackers – paying tens of thousands of dollars to the criminals in exchange for their silence and the destruction of stolen data.
A New York Times article alleges that company officials “pressured” the hackers into signing a non-disclosure agreement. The $100,000 ransom shelled out by Uber was later written off as consulting fees, with the thieves listed as outside experts contracted to test security vulnerabilities.
#California law requires disclosure to #databreach #victims in a timely manner so that they can safeguard their info. With #uber's massive #hack from 2016 coming to light 13 months later, we allege they violated this law. #suinguber #Lawsuit#LosAngeles #cybersecurity #news
— LA City Attorney (@CityAttorneyLA) December 4, 2017
“We alleged Uber kept the hack quiet – a secret – for more than a year,” said Feuer.
The Orange County Register reports that Uber would be liable to pay $2,500 “per violation for each of the two possible state law sections that applies. Proceeds from the penalties would be split between the city and county and would be used toward protecting consumers.”
“These penalties,” said Feuer, “are designed to hold the company accountable for its alleged actions and to deter future unlawful behavior.
“All of us, I think, are especially concerned that so many companies hold our personal information and it’s really important that they abide by California law.”
Drivers license information, names, emails and phone numbers of Uber over-the-road employees were among the information taken in the attack. Feuer says he plans on finding out how many of the 600,000 affected drivers ply Los Angeles streets, to see what options may be available to them.
Uber is also being sued by Washington state, the City of Chicago, and class action plaintiffs.
The ride-sharing application and is no stranger to corporate controversy.
The company has been hit with numerous accusations and charges throughout its history. From allegations that its management fostered a culture of sexual inequality and discrimination to crimes committed by drivers with unchecked backgrounds, the latest wave of suits seems unlikely to be the last.