Uber's 2016 data breach affected 2.7 million United Kingdom users

The Uber app

European data protection authorities said Wednesday that they are pooling their resources to probe Uber's recently disclosed data breach, which has put the ride-sharing company in regulators' crosshairs.

Chicago Corporation Counsel Ed Siskel, who filed the complaint in conjunction with Foxx, said that companies should not be permitted to violate the law by "failing to safeguard personal information and then covering it up, preventing those impacted from taking steps to protect themselves", the station reported.

"We filed this lawsuit because Uber must be held accountable for its actions which have made its customers vulnerable to identity theft, fraud, and other abuse", said Cook County State's Attorney Kim Foxx, according to WLS-TV.

The complaint alleges that "Uber executives were aware of the breach as early as November 2016", but nonetheless failed to provide notification until November 21, 2017-far exceeding the 45-day deadline.

Uber has revealed that 2.7 million British riders and drivers were affected by a 2016 data breach that it covered up for more than a year. "Consumers expect and deserve protection from disclosure of their personal information". Uber has said the breach involved names, mobile phone numbers and email addresses.

Several states, including Missouri, Massachusetts and NY, have opened investigations, and the city of Chicago sued Uber on Tuesday for failing to notify affected residents. Ferguson says that Uber did not notify his office until this month, more than a year after the breach.

The breach saw details of 57 million accounts compromised, and Uber has been heavily criticised for not admitting sooner that its systems had been hacked, and for paying off those responsible.

It also notes that Uber has run into trouble before for failing to notify users.

However, Attorney General Ferguson contends that each day that Uber failed to report the breach to each of the drivers-as well as to his office-counts as a separate violation.

"We have seen no evidence of fraud or misuse tied to the incident".

Related news: