Chicago Sues Uber Over 2016 Breach That Exposed Data of 57 Million Users and Drivers - NBC Chicago
The heist took the names, email addresses and mobile phone numbers of 57 million riders around the world



    Uber Hid Hack That Exposed 57M Users, Drivers

    The cyberattack included 50 million Uber riders globally and 7 million drivers in the U.S.

    (Published Tuesday, Nov. 21, 2017)

    A consumer fraud lawsuit against Uber on behalf of the people of Illinois and the city of Chicago was announced Monday by Mayor Rahm Emanuel and Cook County State’s Attorney Kim Foxx, citing the rideshare company’s “year-long failure” to disclose a massive 2016 data breach that impacted 57 million drivers and users.

    The complaint raises several claims under the Illinois Consumer Fraud and Deceptive Business Practices Act and the Chicago Municipal Code, stemming from Uber’s failure to adequately protect its data and its active concealment of the breach once it occurred, a press release from the city of Chicago says.

    "Not only did Uber allow a massive data breach that exposed the personal information of millions of drivers and passengers, they brazenly attempted to conceal this information from the public," Emanuel said in a statement. "The City of Chicago will not tolerate these kinds of irresponsible practices, which is why we are taking legal action to hold Uber accountable for their reckless actions."

    Chicago Corporation Counsel Ed Siskel and Foxx filed the complaint in the Chancery Division of the Circuit Court of Cook County.

    “We filed this lawsuit because Uber must be held accountable for its actions which have made its customers vulnerable to identity theft, fraud, and other abuse,” Foxx said in a statement. “Consumers expect and deserve protection from disclosure of their personal information. I am committed to ensuring that those who don’t follow these laws cannot simply sweep it under the rug.”

    In the complaint, the city alleges that Uber experienced a smaller data breach in 2014 that resulted from posting a database containing identifying information to the software development platform GitHub, where it was subsequently accessed by hackers. After the 2014 breach, the city says, Uber agreed to make significant updates to its security practices to meet industry standards, but failed to do so. That failure allowed for the 2016 breach that is the subject of this lawsuit, in which hackers again were able to obtain vast amounts of personal information about millions of consumers and Uber drivers through improperly secured Uber databases posted to GitHub.

    “Companies cannot be permitted to violate the law by failing to safeguard personal information and then covering it up, preventing those impacted from taking steps to protect themselves,” Siskel said in a statement. “We are again protecting our residents while putting companies on notice that they need to take the proper precautions with sensitive information.”

    The complaint further alleges that Uber violated state and municipal law when, for a year, it failed to disclose the data breach as it was required to do by law. Uber became aware in November 2016 that criminal hackers had obtained the information, but rather than disclosing the breach, it made a substantial payment to the hackers in exchange for an agreement to “destroy” the improperly obtained data, the city said. This payment was disguised as part of Uber’s “bug bounty” payment program, in an effort to conceal the breach and subsequent payoff, according to the press release.

    The lawsuit seeks civil penalties and fines under the Illinois Consumer Fraud and Deceptive Business Practices Act and the Chicago Municipal Code.

    Chicago and Cook County will be jointly represented by the outside law firm Edelson PC.

    Edelson will be working on a contingency basis and its fees will be paid from any damages generated by this lawsuit.

    A spokesperson for Uber said the company takes the lawsuit "very seriously" and would be happy to answer any questions regulators may have.

    "We are committed to changing the way we do business, putting integrity at the core of every decision we make, and working hard to re-gain the trust of consumers," they said.