Uber's data breach has got the attention of Washington state attorney general Bob Ferguson, who has begun the process of filing a multi-million dollar consumer protection lawsuit against the transportation company.
Uber's data breach potentially affected 57 million passengers and drivers worldwide. 10,888 Uber drivers in Washington have had their license numbers compromised by the data breach and according Ferguson's press release, Uber was required to notify the passengers and drivers of breach as well as the attorney general's office within 45 days of the attack.
The lawsuit could see penalties of $2,000 per violation for failing to notify those affected and the attorney general's office. Uber failed to notify the attorney general's office until the 21st of November which was more than year after the initial breach happened, which was a result of Uber paying hush money to the hackers to destroy the data.
"Washington law is clear: When a data breach puts people at risk, businesses must inform them," Ferguson said in the release. "Uber's conduct has been truly stunning. There is no excuse for keeping this information from consumers."
In a statement to TechCrunch an Uber spokesperson said "We take this matter very seriously and we are happy to answer any questions regulators may have. We are committed to changing the way we do business, putting integrity at the core of every decision we make, and working hard to re-gain the trust of consumers."