Chicago and Cook County sue Uber over 2016 data breach
Tuesday, November 28, 2017
by Ally Marotti
The city of Chicago and Cook County on Monday filed a lawsuit against Uber Technologies, alleging the ride-hailing company’s 2016 data breach harmed “tens, if not hundreds, of thousands” of area residents.
San Francisco-based Uber disclosed last week that the personal data of 57 million customers and drivers globally were exposed last year, and that it had paid hackers $100,000 to keep quiet about stealing the personal information.
Uber waited more than a year to disclose the data breach, and that delay, in addition to failing to protect consumers’ personal information, violates city and state laws, according to the lawsuit filed in Cook County Circuit Court.
Uber also faces lawsuits filed by consumers over the issue, and attorneys general in several states, including Illinois, are investigating the breach. The company also said last week it was contacted by the Federal Trade Commission.
In August, Uber agreed to adopt a privacy program to settle an earlier FTC complaint that the company improperly protected consumer data. The hackers in last year’s attack allegedly exploited “virtually the same security flaw” attackers had used before, the Chicago-Cook County lawsuit states.
Among other requests, the lawsuit asks the court to fine Uber $10,000 for each violation of its ordinance involving a Chicago resident for each day the violation existed.
Uber spokeswoman Molly Spaeth said in a statement that the company takes the matter seriously and will answer regulators’ questions. “We are committed to changing the way we do business, putting integrity at the core of every decision we make, and working hard to regain the trust of consumers,” she said.