815,000 Canadians affected by Uber data breach

Published: December 13, 2017

Updated: July 24, 2018

Author: Luke Jones



The scope of Uber’s data breach is now coming to light. The company initially refused to say how many customers were affected, but on Monday confirmed 815,000 Canadian passengers and drivers were impacted by the breach.

The US-based company recently admitted it was subjected to a major cyber security breach. Uber admitted its system had been hacked and millions of customers’ email addresses, names, and mobile numbers had been stolen. The attack happened nearly a year ago and Uber attempted to cover it up. The company paid the attackers $100,000 to destroy the stolen data.

Uber made its official figures public on the same day the Federal Privacy Commissioner opened a formal investigation into the breach. Earlier this month, residents in Alberta filed a class action lawsuit against the company.

The US-based ride-sharing giant says customer names, email addresses, and mobile phone numbers were taken during the October 2016 data breach. Uber Canada spokesman Jean-Christophe de le Rue said the company will co-operate with the investigation.

“The privacy of riders and drivers is of paramount importance at Uber and we will continue to work with the privacy commissioner on this matter.”

In the announcement, the privacy commissioner did not expand on the details of the formal investigation, citing confidentiality provisions under the Personal Information Protection and Electronic Documents Act.

There is no federal policy that mandates companies to disclose data breaches. However, Alberta does have such a policy.