More than 10,000 Washington Uber drivers, and their compromised driver’s licenses, are at the center of a multi-million dollar lawsuit filed on Tuesday.
“Here we have a clear violation, thousands of violations,” said Washington Attorney General Bob Ferguson.
Ferguson said Uber didn’t break the law because it was hacked, it was because it waited 372 days- well past the 45 days required by law to report a breach that affects more than 500 Washington residents.
“This case is different. That the sheer amount of time that went by, more than a year, when they knew there was a data breach and did not inform consumers. And the large number of consumers who could be impacted by this,” said Ferguson.
Uber’s data breach took place in November 2016, the hackers accessed the driver’s licenses of some 7-million drivers worldwide. Fifty million passengers were also impacted.
Uber said the thieves only got passenger information that does not require notification under Washington law.
Uber driver Ahamn Ahamn told me, that he believes the company has a duty to protect his information.
“It’s not supposed to be out there. This is my life to protect for myself, and the company is supposed to protect my information,” said Ahamn.
In a statement an Uber spokesperson said, “we take this matter very seriously and we are happy to answer any questions regulators may have. We are committed to changing the way we do business, putting integrity at the core of every decision we make, and working hard to re-gain the trust of consumers.”
In a letter to Ferguson, Uber admitted it was wrong not to provide notice to its users at the time. Ferguson is not feeling merciful towards the company.
“So that’s what I factor into on any case about how I resolve it. How bad was the conduct? A year given the scale, it’s really unforgivable,” said Ferguson.
The fine is two thousand dollars per violation.
The city of Chicago and Cook County, Illinois have filed suit and Attorney General’s from four other states have launched investigations.