PHILADELPHIA (KDKA) – State Attorney General Josh Shapiro accused Uber of violating state law when they failed to inform some 13,500 Uber drivers in this state that their names and drivers’ license numbers were stolen by hackers over a year ago.
“Uber had a responsibility to these Uber drivers to let them know that their data had been compromised,” Shapiro told KDKA money editor Jon Delano on Monday. “Instead of notifying them in a timely fashion, they covered it up for more than a year.”
When the hack became public last fall, Shapiro’s office investigated and, on Monday, filed a lawsuit in Philadelphia.
Shapiro is seeking civil penalties of $13.5 million against Uber.
“We would hope to use that money to protect people’s personal information going forward. We would also use that money to have other consumer protection cases in the future,” he said. “Look, my bottom line here is that we want to protect Pennsylvanians’ data. We want to make sure that consumers are protected across Pennsylvania, and that’s why we’re holding Uber accountable.”
Shapiro confirmed that the data breach was limited to drivers, not passengers, something Uber stressed in their statement from their new Chief Legal Officer.
“While I was surprised by Pennsylvania’s complaint this morning, I look forward to continuing the dialogue we’ve started as Uber seeks to resolve this matter,” wrote Tom West.
“We make no excuses for the previous failure to disclose the data breach,” he added.
“While we do not in any way minimize what occurred, it’s crucial to note that the information compromised did not include any sensitive consumer information such as credit card numbers or social security numbers, which present a higher risk of harm than driver’s license numbers,” concluded West.
No indication yet that Uber will settle this matter out of court.