Uber’s troubles seem to be getting worse. The taxi startup is being sued for negligence following the disclosure of a massive data hack which implicated the personal information of 57m Uber users around the world.
The complaint was filed in federal court in Los Angeles, representing all the Uber drivers and customers in the US whose data was stolen in the hack, according to Bloomberg.
The complaint said:
“Uber failed to implement and maintain reasonable security procedures and practices and appropriate to the nature and scope of the information compromised in the data breach.”
Uber hack: what happened?
The startup published a blog post yesterday written by Uber’s chief executive, Dara Khosrowshahi. The blog detailed how two individuals had hacked user data stored on a third-party cloud service in 2016.
The hackers accessed: the names and drivers’ license numbers of 600,000 drivers in the U and the personal information of 57m Uber users including drivers and riders – this information contained names, email addresses, and mobile phone numbers.
“At the time of the incident we took immediate steps to secure the data and shut down further unauthorised access by the individuals. We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed.
“We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”
Khosrowshahi wasn’t working at Uber when the hack happened, that will have been under the remit of disgraced co-founder and ex-chief executive Travis Kalanick. The current leader noted Uber’s failure to “notify affected individuals or regulators last year.”
This will be why there is now a negligence lawsuit following the Uber hack because the drivers whose information was available didn’t know their personal details were hacked. It’s only now that the company is notifying drivers whose driving license numbers were downloaded.
Uber also said:
“While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection.”
What else did Uber do about the hack?
Khosrowshahi said that he made steps to remove the two individuals who led the response to the incident within Uber. This is thought to be Uber’s then chief security officer and one of his deputies, who also made a $100,000 payment to the hackers to stop them from spreading the information.
Khosrowshahi told Bloomberg:
“None of this should have happened and I will not make excuses for it. We are changing the way we do business.”
How can Uber move on from this hack?
Hacks of any kind, particularly on this scale, will lead to a loss of trust with the company. The startup is currently battling with London’s transport regulator, Transport for London, after having its licensed removed to operate in the city due to concerns over public safety and security issues.
This latest incident won’t help Uber’s case in the legal process against TfL.
The startup is also fighting other battles. Its self-driving lawsuit with Waymo, the Alphabet self-driving subsidiary has been delayed until December so that will kick off again soon.
As well, a UK court recently denied an appeal by Uber UK, ordering that it must now treat its drivers as official workers, not self-employed. Uber could now face huge costs if its workers appeal for back pay for the funds they are now entitled to.