Filed by Medhi Seifian, the lawsuit alleges that the compromised data includes names, email addresses and phone numbers of 50 million riders worldwide. Further, personal information of approximately seven million drivers also was accessed, including 600,000 US driver's license numbers.
The lawsuit contends that rather than reporting the data breach promptly, as required by state law, Uber paid hackers $100,000 to delete the data and keep the breach quiet.
In a recent report to Bloomberg Uber said it believes the information stolen in 2016 was never used but declined to disclose the identities of the attackers.
However, Seifian alleges that since the data breach he has experienced undisclosed economic losses and his credit has suffered. Uber could have mitigated those losses had it promptly notified customers of the cyberattack, the lawsuit states. By the time it did, "the damage to their credit was already done."
Seifian is seeking class-action status, according to the lawsuit filed in US District Court in Portland. He says the cyberattack affected an estimated half-million Oregonians.
The suit seeks fair compensation to cover credit repair and monitoring services on behalf of "an estimated 500,000 Oregon consumers harmed by Uber's failure to adequately protect their personal information."