OLYMPIA, Wash. (Legal Newsline) — Washington state Attorney General Bob Ferguson announced Nov. 28 that he has filed a multimillion-dollar consumer protection lawsuit against ride-sharing company Uber for allegations of violating the state’s laws related to data breaches.
Uber is in the middle of a massive data breach issue. More than 57 million consumers and company drivers have purportedly had personal information stolen in the breach. Ferguson alleges at least 10,888 Uber drivers in Washington have had their names and driver’s license numbers stolen.
Uber allegedly first learned of the hack in November 2016, but paid off the hackers to destroy the stolen data. Uber did not notify the Washington State Attorney General’s Office until Nov 21. 2017, roughly 372 days after learning of the hack. Under state regulations consumers must be notified within 45 days if a breach. Additionally, if the breach affects 500 or more Washingtonians, the Attorney General’s Office must be notified.
“Washington law is clear: When a data breach puts people at risk, businesses must inform them,” Ferguson said. “Uber’s conduct has been truly stunning. There is no excuse for keeping this information from consumers.”