SAN FRANCISCO (CBS/AP) — Uber’s massive global data breach is now the source of yet another multi-million dollar lawsuit.
Pennsylvania’s attorney general is suing the San Francisco-based ride-hailing company, saying it broke state law when it failed to notify drivers for a year that hackers stole their personal information.
Pennsylvania joins other US Attorneys General and customers who have filed similar complaints.
The breach happened in October 2016 and reached global proportions, impacting the private data of some 57 million customers and drivers around the world, not just in Pennsylvania.
Hackers stole the names, email addresses and phone numbers of 50 million Uber riders, and 7 million drivers, according to Bloomberg.
The lawsuit filed Monday in Philadelphia said hackers stole the personal information of at least 13,500 Pennsylvania Uber drivers. It accuses Uber of violating a state law to notify victims of a data breach within a “reasonable time frame.”
Uber acknowledged in November that for more than a year it covered up a hacking attack. Pennsylvania’s lawsuit seeks civil penalties in the millions of dollars.
According to Bloomberg, Uber paid the hackers $100,000 to delete the data and conceal the breach.
Lawsuits have also been filed in Los Angeles, Washington State and Chicago.