Senators raise questions about Uber's response to reported 2015 data breach

Posted November 30, 2017

John Thune (R-SD), Orrin Hatch (R-UT), Jerry Moran (R-KS) and Bill Cassidy (R-LA), notes that an outside law firm commissioned by Uber's board of directors uncovered the 2015 data breach.

Uber should notify United Kingdom users who have been affected, the data regulator said.

A joint lawsuit was filed on behalf of IL and the city of Chicago on Monday, seeking to hold the ride sharing company accountable for a 2016 breach that exposed the data of 57 million customers and drivers worldwide.

Uber failed to disclose a massive breach previous year, which disclosed the data of some 57 million users, the company's new chief executive officer said last week, according to Reuters. "I am committed to ensuring that those who don't follow these laws can not simply sweep it under the rug".

Ferguson said that the ride-sharing company violated state law by not informing consumers that their information had been stolen in the 2015 breach. It left their names, email addresses, and mobile phone numbers exposed. "There is no excuse for keeping this information from consumers". And in Italy, the only European Union country to have announced a full-blown investigation into the Uber incident before Wednesday, the fine may be more than $1 million, with the amount being related to the number of Italians who were affected.

Several states, including Missouri, Massachusetts and NY, have opened investigations, and the city of Chicago sued Uber on Tuesday for failing to notify affected residents.

The city and county are seeking a $10,000 fine "for each violation involving a Chicago resident".

Ferguson announced the state's lawsuit hours after developments in a California court case revealed that federal prosecutors are investigating allegations that Uber deployed an espionage team to plunder trade secrets from its rivals.

The attorney general is seeking a penalty of $2,000 for each of the almost 11,000 Washington residents affected by the breach.

A statement of claim filed this week in Calgary by Branch MacMaster LLP said that Uber's handling of the whole affair was "willful, reckless, wanton, negligent, callous and in total disregard for the security and rights of the plaintiff and class members".