Wednesday, November 29, 2017

Washington State Sues Uber, Using Their Math Could Value Damages From Data Breach at $114 Billion

The state is looking for up to $2000 in penalties for each of their 10,888 Uber drivers. Extrapolating the two grand figure to the 57 million drivers and passengers affected by the breach and failure to disclose for damages  is how we got to the $114 billion number.
If you are suing the Ubester for any reason, do it quickly. Apparently they lost almost $1.5 billion in the 3rd quarter, more on that in the next post.

From GeekWire:

Washington files first state suit against Uber over massive data breach, seeking millions in penalties
Washington state Attorney General Bob Ferguson is suing Uber in King County Superior Court for failing to report a massive data breach that exposed the personal information of 57 million Uber drivers and passengers around the world.

Washington is the first state to sue Uber over the breach, and Ferguson’s lawsuit is the first since the state’s consumer privacy laws were revised in 2015.

Drivers license numbers were exposed as part of the breach. Rather than notify victims, Uber acknowledged that it covered up the October 2016 incident by paying off the hackers behind the breach. The breach exposed the personal information of 10,888 Uber drivers in Washington state, according to the complaint.

The multi-million dollar lawsuit claims Uber violated Washington state’s revised data breach laws, which “require individuals, businesses, and public agencies to notify Washington residents who are at risk of harm because of a security breach that includes personal information.” Victims must be notified within 45 days of the breach’s discovery. If the breach affects more than 500 Washington residents, the attorney general’s office must also be notified.

Uber told Ferguson’s office about the breach on Nov. 21, 2017, about 372 days after the company discovered it.

“Instead of doing the right thing, following the law, and telling these thousands of Washingtonians they were at risk, Uber paid the hackers to delete the data and did not disclose the breach to anyone,” Ferguson said during a press conference Tuesday. “That is stunning. It violates the spirit and the letter of the law.”

Ferguson said his lawsuit is based on information already provided by Uber. His office will be conducting a further investigation as the case progresses.

After news of the breach broke last week, Uber fired its security chief and another employee associated with the coverup. The hackers who exposed personal information of Uber users figured out how to get into the company’s Amazon Web Services account through credentials pilfered from a Github site used by its engineers....MORE