Uber's 2016 data breach affected 2.7 million United Kingdom users


The lawsuit filed Monday in Cook County Circuit Court contends Uber's failure to protect consumers' personal information violated city and state laws.

Uber spokeswoman Molly Spaeth said in an email the company is "committed to changing the way we do business".

Uber has revealed that around 2.7 million people in the United Kingdom were affected by a 2016 data breach that it kept secret.

Washington Attorney General Bob Ferguson is suing Uber, after the ride-hailing company waited more than a year to reveal that it had been hacked, resulting in the breach of personal data for customers and drivers.

It was reported recently that Uber discovered that it suffered a major data breach in 2016.

According to The Chicago Tribune, Uber disclosed the data breach last week and said the company paid out $100,000 in an effort to silence hackers from exposing the breach to the public.

About 50 million Uber passengers had their names, addresses and phone numbers breached, but the hackers also got driver's license numbers for about 7 million Uber drivers, including 10,888 in Washington, Ferguson said. When a data breach puts people at risk, businesses must inform them, " Ferguson said in a news release. "Consumers expect and deserve protection from disclosure of their personal information". With investigations under way by the attorneys general of Connecticut, Illinois, Massachusetts, Missouri, New Mexico, and NY, there will likely be more on this front soon.

Central to the lawsuit are claims that Uber failed to protect its data and, once the breach occurred, actively went out of its way to hide this. If that penalty were applied to each of the affected drivers in Washington, it would total almost $22 million in penalties. Under such a theory, he argues that Uber should face a penalty of several millions of dollars.

"We are monitoring the affected accounts and have flagged them for additional fraud protection", the company said.

However, Attorney General Ferguson contends that each day that Uber failed to report the breach to each of the drivers-as well as to his office-counts as a separate violation.