Pennsylvania Sues Uber Over Data Breach Disclosure
The stolen Uber data included the names and driver’s license information of around 600,000 drivers—including at least 13,500 from Pennsylvania—as well as data belonging to 25 million users in the US. It impacted over 57 million people in total. ‘Uber violated Pennsylvania law by failing to put our residents on timely notice of this massive data breach,’ Josh Shapiro, the states’s attorney general, said in a statement.
‘Instead of notifying impacted consumers of the breach within a reasonable amount of time, Uber hid the incident for over a year and actually paid the hackers to delete the data and stay quiet.’ Under Pennsylvania’s data breach notice law, the attorney general may seek fines up to $1,000 for each violation, leading to a maximum penalty of $13.5 million for Uber.