In a statement issued this week, Uber Canada disclosed that the information of 815,000 Canadian riders and drivers may have been affected by a major data breach.
The ridesharing company first announced news of the breach last November. Uber revealed that the breach occurred sometime in October 2016, and resulted in the theft of information from some 57 million Uber accounts globally.
Uber Canada said the information taken by the cyber attackers includes names, email addresses, and mobile phone numbers. The company’s investigation has not identified, however, if the hackers managed to also steal users’ location histories, credit card numbers, bank account numbers, or dates of birth.
The company’s disclosure earlier this week came the same day that the federal privacy commissioner said it had opened a formal investigation into the breach, The Canadian Press reported.
Uber Canada spokesperson Jean-Christophe de le Rue said that the company will cooperate with the commissioner’s investigation.
“The privacy of riders and drivers is of paramount importance at Uber and we will continue to work with the privacy commissioner on this matter.”
In late November, a law firm representing Albertans whose information was compromised by the data breach filed a class-action lawsuit against Uber. On top of general damages, the lawsuit is seeking special damages for costs related to credit counselling, compensation for the plaintiffs’ lost time and income, as well as costs for credit monitoring and other similar services.
Related stories:
Dark web ‘much bigger’ than most people understand
Uber faces class-action lawsuit in Alberta over data privacy breach