Internet security has become a more public concern in recent years. Of particular note, the 2017 Equifax Data Breach exposed the private information of 143 million Americans; Yahoo! was hacked in 2013, claiming that 1 billion accounts were compromised – though in 2017 it was discovered that it was actually three billion accounts; PayPal experienced a scare when newly acquired TIO Networks revealed that 1.6 million customers had their data stolen in an ongoing data breach; and now beleaguered transportation tech company Uber can be added to the list. A data breach lawsuit filed in the Los Angeles County Superior Court joins the vast array of legal entanglements the company is now facing.
This breach, where up to 57 million passengers and drivers have had personal information exposed, seems almost the norm now. What is not normal – and what has Uber in hot water – is that it knew the breach happened in October 2016 and tried to hide it.
Data breach lawsuit joins a history of poor security and lies
Uber was fined $20,000 by New York’s attorney general as a penalty for failing to quickly report another data breach in 2014. In this breach, the data of 100,000 drivers was exposed to an unknown intruder. Uber also lied about the scale of this breach initially.
In addition to poor security for its drivers, the company has been subject to multiple complaints about how passenger data was handled. In 2011, an Uber launch party showed off the “God View” of New York, which showed the whereabouts of 30 Uber users in real time. The circumstances behind this remain up for debate, but it is considered a public unveiling of real-time tracking of otherwise private individuals (in other words, illegal sharing of location data).
This history of carelessness leads us to the present-day lawsuit. Drivers and riders worldwide have had personal information compromised, including names, phone numbers, and email addresses. The breach alone is a terrible incident, but the issue is further compounded by the company doing its best to hide it.
Uber paid hackers ransom to delete data
When the breach was discovered, Uber company officials responded in secret: They paid the hackers $100,000 to delete the data they’d stolen (though there is no guarantee that this occurred). Reportedly, Uber forced them to sign a non-disclosure agreement, which some critics say shows that the company never intended to reveal the breach in public. However, a public blog post by new CEO Dara Khosrowshahi unveiled the full extent of the data breach, so if there was an intent to hide the breach, it was done away with the moment the blog was published.
The California data breach lawsuit is not the only one to be filed: the state of Washington and the city of Chicago are filing their own lawsuits. The federal government is also stepping up the pressure with multiple attorney generals, the FTC, and a bipartisan Congressional effort bearing down on Uber.