A complaint was filed against Uber on Tuesday in a federal court, in Los Angeles, due to the company’s failure to implement and maintain reasonable security procedures and lack of appropriate practices to the nature and scope of the information compromised in the data breach.
The lawsuit seeks to represent all Uber drivers and customers in the U.S. whose information was stolen.
The cyber-attack on Uber was deliberated concealed by its executives in October 2016, which exposed 57 million people’s data, as stated by a new report from Bloomberg.
The two hackers who had gain access to the data were paid $100,000 in exchange for their promise to keep quiet and scrap the information, according to the report.
The data on the 57 million Uber riders and drivers that was stored in a third-party infrastructure system was on Tuesday acknowledged by Uber to have been accessed and downloaded by two individuals in October 2016; however none of the company’s systems were stated to be breached.
The cyberattack disclosed the names, email addresses and phone numbers of 50 million Uber customers around the world while the personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers.
Although no Social Security numbers, credit card information, trip location details or other data were taken, Uber said.
Uber’s then-CEO Travis Kalanick first learned of the incident in November 2016, when Uber was finalizing a settlement with the Federal Trade Commission for privacy violations, according to Bloomberg. The company instead chose to pay the hackers $100,000 to delete the information and stay quiet about the incident, the report said.
Uber’s Chief Security Officer, Joe Sullivan, was asked by Uber’s new CEO Dara Khosrowshahi to resign alongside the lawyer that reported it.
