Uber is once again under fire legally. This time, the ride sharing giant is facing at least two proposed class action lawsuits alleging it was negligent in failing to protect consumer data in the now infamous Uber data breach.
Plaintiffs in California filed two separate class action lawsuits against Uber claiming they were harmed by having their personally identifiable information compromised. The plaintiffs also allege that they were not notified about the Uber data breach in a timely manner.
One of the cases, filed Nov. 21 in Los Angeles federal court by plaintiff Alejandro Flores, brings counts of negligence and deceptive practices in California federal court, and is seeking to represent a class of riders and drivers affected by the Uber data breach.
“Uber failed to implement and maintain reasonable security procedures and practices appropriate to the nature and scope of the information compromised in the data breach,” Flores’ complaint states.
Another Uber data breach class action lawsuit, filed in San Francisco federal court by plaintiffs Danyelle Townsend and Ken Tew allege the company should have had “administrative, physical, and technical safeguards, such as intrusion detection processes that detect data breaches in a timely manner, to protect and secure Plaintiffs’ and Nationwide Class members’ [personally identifiable information].”
“Major corporations like Uber face a higher threat of security breaches than smaller companies due in part to the large amounts of data they possess,” the lawsuit contends. “Uber knew or should have known its security systems were inadequate, particularly in light of the prior data breaches that Uber had experienced, and yet Uber failed to take reasonable precautions to safeguard the PII of Plaintiffs and members of the Nationwide Class.”
The news about the 2016 Uber data breach broke earlier this month and details have emerged that Uber waited over a year to disclose the breach to the public. According to Uber, hackers accessed names, email addresses, and phone numbers of 57 million riders and nearly 600,000 Uber drivers’ license numbers were reportedly compromised.
Adding fuel to the fire, Uber announced last week they opted to pay a $100,000 ransom to the hackers to have the stolen data deleted and to withhold details of the Uber data breach from its drivers and riders, prompting five attorneys general to launch investigations into Uber’s actions in handling the data breach.
“We have serious concerns about the reported conduct,” said Massachusetts Attorney General Maura Healey in a statement.
In fact, the majority of states have notification laws in place requiring companies like Uber to disclose a data breach incident to consumers, specifically when sensitive customer information is compromised.
Earlier this month, Uber was hit with a class action lawsuit over allegations its background check practices are inadequate and leave women riders vulnerable to sexual assault. The company is also facing an employee discrimination class action lawsuit brought by its female software engineers who say Uber failed to promote them because of their gender.
Flores is represented by Bobby Saadian and Colin M. Jones of Wilshire Law Firm.
Townsend and Tew are represented by Matthew J. Preusch, Christopher L. Springer, and Lynn Lincoln Sarko of Keller Rohrback LLP.
The Uber Data Breach Class Action Lawsuits are Alejandro Flores v. Rasier, Case No. 2:17-cv-08503-FMO-GJS in the U.S. District Court for the Central District of California and Danyelle Townsend and Ken Tew et al. v. Uber Technologies Inc., Case No. 3:17-cv-06756 in the U.S. District Court for the Northern District of California, San Francisco Division.