North Carolina Attorney General Josh Stein announced on Monday that he planned to investigate Uber as part of his office’s attempts to strengthen consumer protections against data breaches.
The announcement came up during a news conference in which Stein, a Democrat, teamed up with Rep. Jason Saine, a Lincoln County Republican, to advocate for legislation that would require companies that experience data breaches to notify consumers more quickly.
Saine said he plans to introduce the proposal during the General Assembly’s short session which begins in May. He hopes to gain support from both parties.
“Obviously with the attorney general and I before you, it’s already a bipartisan effort,” Saine said at a news conference on Monday.
Sign Up and Save
Get six months of free digital access to The News & Observer
Last year, according to Stein, more than 5.3 million North Carolinians were estimated to have been affected by a data breach.
“This number is staggering and unacceptable,” Stein said.
Mecklenburg County was the victim of a ransomware attack last month. Hackers demanded $23,000 in bitcoin to release the county’s data, but county officials had backups of the information and did not pay. Duke Energy also recently announced a potential breach of more than 300,000 customers’ billing information.
Uber recently acknowledged a massive data breach, but it took the company more than a year to let its customers know.
“That is certainly not a reasonable time frame to let someone know that their information has been breached,” Saine said. “We’ve looked at practices all across the United States and what different states are doing, and we’ll certainly combine that into the bill.”
Stein said scams and cyber attacks spiked in 2017.
The most commonly stolen information includes full names, dates of birth and Social Security, driver license, and credit card numbers.
“Last year in North Carolina, there were over 1,000 breaches – 1,022 – which is an increase of 15 percent from 2016. That affected 5.3 million North Carolinians,” Stein said.
In addition to forcing companies to reveal breaches on a more timely basis, the proposed legislation also would make it easier for consumers to get credit reports and freeze their credit if their information had been compromised.