Canadian Security Magazine

Privacy commissioner opens formal investigation into Uber data breach

By The Canadian Press   

News Data Security annex data breach formal investigation privacy privacy commissioner uber

OTTAWA — The federal privacy commissioner said Monday it has opened a formal investigation into the large data breach that Uber announced in November.

The decision to launch the probe comes weeks after Uber disclosed that hackers stole the personal information from 57 million Uber accounts close to a year earlier.

News of the breach prompted authorities in the U.S. and U.K. to launch formal investigations immediately, while the commissioner in Canada initially asked that Uber file a report explaining how the breach happened and its impact on Canadians.

The privacy commissioner gave little detail in announcing the now formal investigation, noting confidentiality provisions under the Personal Information Protection and Electronic Documents Act.

Uber Canada spokesman Jean-Christophe de le Rue said the company will co-operate with the investigation.


“The privacy of riders and drivers is of paramount importance at Uber and we will continue to work with the privacy commissioner on this matter.”

Uber has started to provide details elsewhere on the number of potential users affected, including about 2.7 million people in the U.K., but has not disclosed how many of its roughly two million Canadian users may have been hit.

With little information forthcoming, Toronto city council voted last week to demand information from the company on the breach based on requirements in their license agreement with the city.

The company is also facing lawsuits, including one from Washington State, for failing to disclose the breach despite laws requiring it to do so.

Federally, Canada doesn’t have laws requiring companies disclose data breaches, though Alberta does have requirements in place.

Changes to federal privacy laws are under way that would make it a requirement, with public consultations closed in October, but under the proposed revision the privacy commissioner would be limited to issuing a maximum $100,000 fine for not disclosing a breach.

Attention on data breaches have increased after numerous high-profile incidents including the Equifax breach earlier this year that included data on 145 million Americans and about 19,000 Canadians.

News from © Canadian Press Enterprises Inc. 2017

Print this page


Stories continue below