At least 13,500 people have been impacted by a “massive data breach,” and Pennsylvania Attorney General Josh Shapiro has taken action.
The data breach was revealed in November, more than a year after the company allegedly knew what happened.
Shapiro argued in a statement Monday that the failure to disclose the breach was illegal, because the notification was not done “within a reasonable time frame.” The breach is specific to the 13,500 drivers Uber contracts in the state.
“Uber violated Pennsylvania law by failing to put our residents on timely notice of this massive data breach,” Shapiro said in the statement. “Instead of notifying impacted consumers of the breach within a reasonable amount of time, Uber hid the incident for over a year – and actually paid the hackers to delete the data and stay quiet. That’s just outrageous corporate misconduct, and I’m suing to hold them accountable and recover for Pennsylvanians.”
Uber’s Pennsylvania driver’s names and license numbers were stolen, according to Shapiro who might seek up to $1,000 for each violation, totaling civil penalties of up to $13.5 million.
Shawn Annarelli: 814-235-3928, @Shawn_Annarelli