The city of Chicago filed a lawsuit against Uber for failure to disclose the recently reported data breach of 2016. The city claims that Uber did not secure its information systems from attack as it had agreed to after a previous attack.
Chicago CCSAO Uber 11.27.17 Complaint (First Page)
Not only did Uber fail to notify the authorities of the breach resulting in 57 million user information being held at ransom, but the company also paid the hackers $100,000 to erase the data and had them sign an NDA. The city stated that the company was fully responsible for the successful attack since it had not corrected breaches to its security after a similar attack had been revealed to the public in May 2014. The city is also representing Illinois residents in this case and has asked for monetary compensation for the damages; they asked the judge for a $10,000 a day fine for every day that Uber hid the information of the attack, a direct violation of the States ordnance on public information disclosure. The city has asked the Judge to impose a $50,000 fine against Uber for violating the consumer fraud act.
Apart from the City of Chicago, four other states are investigating Uber after the revelation of the attack by Uber; the states include Connecticut, Missouri, New York, and Massachusetts. On top these investigations, Uber is facing fire from Congress in relation to the time it took them to reveal the hack. One Senator, Mark Warner (Dem.) sent a personal letter to Uber asking how they found out who the hackers were and if they performed an illegal hack-back probe?
Uber spokesman stated that the company takes this issue very seriously, and under the new executive leadership has changed its approach to regulators. Uber is corresponding freely, with full transparency to show how it has now turned around from its previous mismanagement and putting integrity at its core. CEO Dara Khosrowshahi has his work cut out for him as the latest escapade will put a lot of pressure on an already strained company.