Uber Says No Harm Caused in Data Breach Class Action Lawsuit

Last week, Uber Technologies Inc. filed a motion in California federal court to dismiss the class action lawsuit alleging it caused a data breach releasing the personal information of 50,000 Uber drivers.

Lead plaintiff Sasha Antman, an Uber driver from Oregon, alleges in his class action lawsuit that the ride-sharing company failed to prevent and also to notify drivers about the data breach that occurred in May of 2014. Late last week, Uber asked the court to dismiss the class action lawsuit, arguing that the plaintiff lacked standing under the Unfair Competition Law in California and also that the plaintiff had not established that he suffered any harm from the alleged data breach.

In its motion to dismiss the class action lawsuit, Uber claims it “responded [to the data breach] by identifying all of the drivers whose information was contained in those internal database files; notifying those individuals about the unauthorized third party’s download of those files; and offering those individuals free credit monitoring for one year. Uber also filed a ‘John Doe’ lawsuit to discover the identity of the third party who unlawfully accessed Uber’s database.”

Uber argues further that the “[p]laintiff has not alleged that any sensitive personal information was stolen, or that this was a sophisticated, well-planned attack aimed at accessing and misappropriating drivers’ sensitive personal data,” in its motion to dismiss the Uber data breach class action lawsuit. “Plaintiff has only alleged, at best, that his name and driver’s license number may have been disclosed to an unknown third party, which simply provides no basis for claiming a tangible injury.”

The Uber class action lawsuit alleges that the car-sharing company knew about the data breach in the fall of last year, but waited until February of this year to notify its drivers. The plaintiff alleges that someone had attempted to obtain a credit card in his name. Uber argued last week that the plaintiff had not established how information from the alleged data breach had made it to the unknown third party who used the plaintiff’s private information to obtain an unauthorized credit card.

Uber also argued that the only private information it held was the plaintiff’s name and drivers license number; not enough for someone to use to obtain a credit card in the plaintiff’s name.

Uber also pointed out that the plaintiff had not claimed his credit score was negatively affected by the application, or that charges were made in his name. Uber also argued in it’s motion that the plaintiff had not alleged that he spent a significant amount of time or money to address the issue.

Antman is represented by Robert Ahdoot, Tina Wolfson and Theodore W. Maya of Ahdoot & Wolfson PC.

The Uber Data Breach Class Action Lawsuit is Sasha Antman v. Uber Technologies Inc., Case No. 3:15-cv-01175, in the U.S. District Court for the Northern District of California.

UPDATE: On Feb. 18, 2016, Lyft filed a motion with the court alleging Uber is using the discovery process in this class action to try and steal Lyft’s trade secrets.