Lawsuits Pile Up on Uber

Washington AG files multimillion-dollar consumer protection lawsuit; multiple states also confirm they are investigating the Uber breach, which means more lawsuits may follow.
It’s been quite a week for Uber as the lawsuits from its recent high-profile breach keep on coming. The popular ride-hailing company has been under fire ever since it was disclosed that the company took more than a year to notify consumers of a breach, after which it allegedly paid hackers $100,000 to keep the attack quiet. The hack reportedly affected 57 million people worldwide and exposed names and driver’s license numbers of some 600,000 drivers in the United States.
First, on Monday, the city of Chicago and Cook County filed a lawsuit asking the court to fine Uber $10,000 a day for each violation of a consumer’s privacy. The suit contends Uber took much too long to report the breach.
Next, on Tuesday, Washington State Attorney General Bob Ferguson filed a consumer protection lawsuit against Uber, asking for penalties of up to $2,000 per violation. The lawsuit alleges that at least 10,888 Uber drivers in Washington were breached, so the lawsuit could result in millions of dollars of penalties.
On top of the two lawsuits from state and local governments, Uber has also been hit with two class-action lawsuits. Both cases were filed last week. The first, Alejandro Flores v. Raiser, was filed in federal court in Los Angeles. The second lawsuit, Danyelle Townsend and Ken Tew v. Uber, was filed in federal court in San Francisco.
Multiple state governments also say that they are conducting investigations into the Uber breach. Dark Reading has confirmed ongoing investigations by the states of Connecticut, Massachusetts, Missouri, and New York.   
The lawsuit by the state of Washington was seen as significant, because it was the first lawsuit against Uber filed by a state government. Under a 2015 amendment to the state’s data breach law, consumers must be notified within 45 days of a breach, and the Attorney General’s office also must be notified within 45 days if the breach affects 500 or more Washington residents. Tuesday’s lawsuit was the first one filed under the revised statute.
“Washington law is clear: When a data breach puts people at risk, businesses must inform them,” Ferguson said in a press release. “Uber’s conduct has been truly stunning. There is no excuse for keeping this information from consumers.”
Craig Spiezle, chairman emeritus of the Online Trust Alliance, says the Uber case may spark renewed calls for national data breach legislation. In the past, there’s been a general consensus for such a measure because companies must grapple with the cost of handling the compliance requirements of 48 separate state data breach laws.
“The European Union has a data breach notification requirement of 72 hours,” says Spiezle, who worked closely with Attorney General Ferguson on the data breach law in Washington. “While three days is really not enough time, I think Washington’s 45-day law is very generous. I’ve actually been on the record calling for a notification period of 10 days.”
The last time the federal government talked seriously about national data breach legislation was in early 2015. At the time, the Obama administration called for a notification period of 30 days. Legislation sponsored that year by Sen. Tom Carper (D-Del.) and Sen. Roy Blunt (R-Mo.) would have required companies to notify federal agencies and consumers of a breach that affects more than 5,000 consumers. Few other details were released, such as which agencies companies should report to first, the Department of Homeland Security or the FBI, and the issue slowly died as the 2016 election year morphed into 2017, the nation’s first under the Trump administration.
In response to this most recent Uber case, Sen. Richard Blumenthal (D-Conn.) last week called for the Federal Trade Commission to investigate the Uber breach and impose strict penalties. And Sen. Mark Warner (D-Va.) has expressed support for national data breach legislation. A spokesman for Sen. Warner would offer no new details and would only say national data breach legislation “continues to be a top priority” for the senator.
Efforts to communicate with Sen. John Thune (R-S.D.) were unsuccessful. Sen. Thune chairs the Senate’s Commerce, Science and Transportation committee, which could potentially play an important role in any national data breach legislation. 