Penn v. Uber Shows the Dangers of Nondisclosure Following a Data Breach

Uber’s many legal troubles continue as Pennsylvania Attorney General Josh Shapiro is now suing the ride-sharing service for failing to disclose within a reasonable time that it had suffered a data breach that affected 600,000 drivers globally.

AG Shapiro claims Uber, therefore, violated a state law that requires companies to notify consumers affected by data hacks within a reasonable time. There were 13,500 Pennsylvania drivers whose first and last names and license numbers were accessed by hackers in 2016, Shapiro said. Uber did not disclose the breach until November 2017.

The fine for failing to notify consumers affected by a hack is $1,000 per person affected, which means Uber could be penalized for up to $13.5 million — a small sum for the ride-hail player. However, it’s a clear sign that the ghosts of the company’s past leadership are still haunting its new executive team.

“Uber violated Pennsylvania law by failing to put our residents on timely notice of this massive data breach,” Shapiro said in a statement. “Instead of notifying impacted consumers of the breach within a reasonable amount of time, Uber hid the incident for over a year — and actually paid the hackers to delete the data and stay quiet. That’s just outrageous corporate misconduct, and I’m suing to hold them accountable and recover for Pennsylvanians.”

So first you get breached, then you get sued by a state attorney general because you didn’t handle communications surrounding the breach appropriately. Let’s face it, disputes are everywhere (literally in Uber’s case) and can adversely affect YOUR business. When that happens, call in the un-breachable litigator Dean Sperling who will work to revolve YOUR matter with YOUR best interests in mind!

More on the Case:

Pennsylvania is suing Uber for up to $13.5 million in penalties for failing to disclose its data breach quickly enough