Chicago Sues Uber over Breach That Exposed Data of 57 Million Users

The lawsuit is among several other legal challenges that the ride-hailing company is facing.

byStephen Edelstein|
Chicago Sues Uber over Breach That Exposed Data of 57 Million Users


When Uber revealed that a 2016 data breach exposed the personal information of 57 million users worldwide, it was only a matter of time before someone sued the company. Sure enough, the city of Chicago is suing Uber over the ride-hailing firm's handling of the breach.

Chicago, which is also suing Uber on behalf of residents in the greater state of Illinois, accuses Uber not only of acting improperly by paying off hackers to keep the 2016 data breach under wraps, but also of not implementing stronger security measures after a 2014 breach. The city is asking for a trial and monetary damages. It wants a judge to fine Uber $10,000 a day for each day it violated an Illinois ordinance on public information disclosure, plus a $50,000 fine for violating the Illinois Consumer Fraud Act.

In addition to the Chicago lawsuit, the Illinois attorney general's office is opening an investigation into Uber, according to Recode. Connecticut, Massachusetts, Missouri, and New York are also reportedly considering investigations. In response to the lawsuit and potential state investigations, an Uber spokesperson gave Recode the following statement:

"We take this matter very seriously and we are happy to answer any questions regulators may have. We are committed to changing the way we do business, putting integrity at the core of every decision we make, and working hard to regain the trust of consumers."

When revealing the data breach to the public last week, Uber CEO Dara Khosrowshahi said it occurred in late 2016. Bloomberg initially reported that Uber paid hackers $100,000 to delete stolen data and keep the incident under wraps. A subsequent report by The Wall Street Journal claims Khosrowshahi was informed of the breach two weeks after taking over as CEO Sept. 5, but did not want to go public with it until the company conducted an internal investigation.