Michael Li-Ming Wong of Gibson, Dunn & Crutcher

In what might best be termed a terrible, horrible, no good, very bad week for Uber Technologies Inc. and its outside lawyers, Michael Li-Ming Wong of Gibson, Dunn & Crutcher gave the company a sorely needed legal win.

A federal judge in San Francisco over the Thanksgiving weekend granted Wong's motion to dismiss a long-running data breach class action brought on behalf of about 50,000 drivers whose names and driver's license numbers were compromised in a 2014 data breach.

U.S. Magistrate Judge Laurel Beeler found that neither of the lead plaintiffs in the case, former Uber drivers Sasha Antman and Gustave Link, had alleged their Social Security numbers were disclosed, nor any other personally identifiable information that could be used by identity thieves.

Beeler's ruling came just days after Uber disclosed a more recent and much larger breach. The company announced on Nov. 21 that it had paid off hackers and failed to inform regulators about a 2016 data breach which compromised email addresses and phone numbers of 57 million users and driver's license numbers of 600,000 drivers.

The company and its lawyers came under further legal fire this week from the federal judge overseeing its trade secrets fight with Waymo over autonomous car technology. U.S. District Judge William Alsup, who had referred the case to federal prosecutors to investigate possible criminal trade secret theft, received notice from the local U.S. Attorney's office on Nov. 22 alerting him about a letter that a former Uber employee wrote to in-house lawyers claiming that there was a unit dedicated to “stealing trade secrets, code base and competitive intelligence from competitors” at the ride-hailing company.

The revelation led to some tense moments on the witness stand for the in-house Uber lawyer who received the letter and a postponement of the trial which was set to begin next week.

“No matter what else is going on, it's really good to have a win,” said Wong, in an interview Thursday morning.

Wong's breach case has at its source the same sort of sloppy information security practices that led to the most recently disclosed mega-breach: In both instances the security keys used to access the Uber data were publicly available via GitHub, a web-based repository regularly used by software engineers to share code. Consider it the digital age equivalent of keeping a key underneath the doormat.

In Wong's case there was an extra element of corporate intrigue. In case filings, the company has claimed that an IP address associated with an employee at rival Lyft accessed the security key ultimately used by the breacher. Wong told the judge at the most recent hearing the company has always believed that the 2014 breach was a “competitive hack” rather than the work of identity thieves. “There's nothing we've found that has disabused us of that notion,” said Wong, according to a transcript of the hearing. On Thursday, he declined to comment further on the nature of the breach.

Wong, however, noted that he finds it interesting that a case dealing with the latest in technology turned on legal issues of jurisdiction and standing that have their roots in the U.S. Constitution. “You apply all that old doctrine to new technology and new cases,” Wong said. “In the 1700s, there was no such thing as a Social Security number—much less ride-sharing apps, or pin numbers, or credit cards and databases.”

Beeler found that the lead plaintiffs lacked standing to sue since they could not show “immediate, credible risk of ID theft.”

In light of Uber's other recent troubles, it bears pointing out that in Wong's case both Judge Beeler and his litigation opponent, Theodore Maya at Ahdoot & Wolfson, credited him as trustworthy.

Beeler, who worked alongside Wong when the two were previously federal prosecutors in the San Francisco U.S. Attorney's office, said she trusted Wong's representations in court that no actionable information about the plaintiffs had been compromised—even though Uber discovered that some Social Security numbers were included in the database after it made its initial disclosures about the breach.

“He's not going to make a misrepresentation to me in court,” said Beeler of Wong, according to a court transcript. “He's just not going to do it.”

Reached by phone Thursday, Maya said that the plaintiffs intend to amend their complaint. Still, he agreed that “Uber has hired a trustworthy and very good lawyer.”

But he added, “That doesn't mean Uber has been honest.”