Uber faces Alberta class-action over data breach

Published: November 30, 2017

Updated: July 24, 2018

Author: Luke Jones



Ride-sharing giant Uber is facing a class-action lawsuit in Alberta legal representatives for residents who say their personal information was compromised in a recent data breach.

The US-based company recently admitted it was subjected to a major cyber security breach. Uber admitted its system had been hacked and millions of customers’ email addresses, names, and mobile numbers had been stolen. The attack happened nearly a year ago and Uber attempted to cover it up. The company paid the attackers $100,000 to destroy the stolen data.

The company has been widely criticized for covering up the breach. Uber has remained vague, not breaking down specific numbers for how many drivers were affected by country. It is known 600,000 drivers had data stolen in the United States alone.

A claim statement filed in Calgary this week argues Uber’s management through the whole episode was “willful, reckless, wanton, negligent, callous and in total disregard for the security and rights of the plaintiff and class members.”

The lawsuit was filed by Branch MacMaster LLP and names one Alberta woman who was affected by the data breach.

“When there is an alleged wrong on the part of a defendant that affects a great number of people, it’s typically ideal for prosecution as a class action,” Branch MacMaster LLP partner Luciana Brasil told CBC. “If the court does certify the case, then everyone who is a member of the class, who fits in that definition, will be able to participate in the case.”

“And the rule, actually, is that they automatically participate unless they take steps to exclude themselves.”

Along with damages, the lawsuit will seek special costs for credit counselling and compensation for lost time and income.

“At no time did Uber notify the Office of the Privacy Commissioner, the plaintiff, class members or other affected individuals,” the statement of claim read.