Pennsylvania is seeking up to $13.5 million in damages from Uber after the the ride-sharing platform suffered a data breach of driver and passenger data and did not disclose the information for over a year.
In late November, Uber Technologies Inc. admitted that 57 million driver and passenger accounts worldwide had been hacked. The company kept it secret after paying a $100,000 ransom.
"Instead of notifying impacted consumers of the breach within a reasonable amount of time, Uber hid the incident for over a year _ and actually paid the hackers to delete the data and stay quiet," state Attorney General Josh Shapiro said in a statement. "That's just outrageous corporate misconduct, and I'm suing to hold them accountable and recover for Pennsylvanians."
The breach impacted at least 13,500 Pennsylvania drivers who had their names and drivers license numbers stolen. The data can be used to steal someone's identity.
The lawsuit, filed in Philadelphia Court of Common Pleas, claims Uber violated the Pennsylvania Breach of Personal Information Notification Act, which requires notice to anyone impacted by a data breach within a "reasonable" time frame. An Uber spokesman declined immediate comment. Washington state and Chicago have also sued Uber.
