Pennsylvania attorney general, Josh Shapiro, filed a lawsuit on Monday morning against Uber after the San Francisco-based ride sharing firm failed to report its data breach for more than 12 months.
According to CNET, the attackers managed to access information on 25 million users in the US, where 4.1 million of them were drivers. Stolen data included names, e-mail addresses, phone numbers and driver’s license numbers. Apparently, 13,500 of those individuals lived in Pennsylvania.
The lawsuit states that Uber violated multiple consumer protection laws, including the Personal Information Act, by not notifying its users in a timely manner – it wasn’t until November of last year that the company informed the public of what had happened.
“When it learned about the 2016 Data Breach, Uber did not notify law enforcement authorities or consumers about the breach,” states the lawsuit. “Instead, Uber paid the hackers at least $100,000 to delete the acquired consumer data and keep quiet about the breach.”
With data breaches becoming more common lately, U.S. Attorney General Jeff Sessions announced the formation of a cybersecurity task force that will analyze multiple types of cyber threats, including “theft of corporate, governmental and private information on a mass scale.”
The ride sharing giant has yet to comment with regards to the lawsuit.