Washington State Goes After Uber Over 2016 Data Breach
You might have heard that news story about how the citizen-taxi service Uber suffered a data breach in November of last year. Now, Washington State Attorney General Bob Ferguson is filing a huge lawsuit against the company.
An individual, says Ferguson in his court briefing, reportedly approached the company that month and claimed to have hacked or accessed the company's sensitive information of some 50 million riders.
Under a consumer protection law passed in 2015, for some reason the breach did not require the new 45-day notification period. Ferguson had pushed through a law requiring all companies that do business in our state to notify citizens with such time of any breaches involving 500 or more people.
However, that number included more than 600,000 U.S. drivers, and of those, 10,888 live in Washington. This apparently, fell under the 45-day law. Therefore, Ferguson is suing the company. That stolen data included their driver's license numbers and names.
News sources say the company paid the hackers to transfer the stolen data back, and allegedly hid it initially from the public. Multiple news sources have made this claim. Some, including the internet-computer website Recode.net, called it a $100,000 "ransom."
According to court documents filed in King County, Ferguson is asking the court to assess a $2,000 fine for each count, or person, included in the Washington State portion of the breach. Considering there are 10,888 drivers, multiply that by $2,000, and the fine would be $21.7 million. And that's just our state. Apparently Uber is also facing suits in other states and cities.
No word on how this will, if it all, affect local ride-share service with the company.