Uber could face class-action lawsuit in Alberta for concealing cyberattack

uber

A law firm has launched a class-action lawsuit against Uber on behalf of Albertans whose personal information was compromised in the company’s recently revealed widespread data breach, according to the CBC.

Last week, the ride-hailing company admitted to covering up a 2016 cyberattack that affected 57 million customers. Personal information from 50 million Uber riders was accessed, which included names, email addresses and phone numbers. Meanwhile, seven million Uber drivers also had their information accessed, including approximately 600,000 U.S. driver’s license numbers.

Instead of disclosing the breach, Uber’s since-terminated chief security officer Joe Sullivan agreed to pay the hackers who stole the data $100,000 to destroy it.

According to a statement of claim filed in Calgary this week by Branch MacMaster LLP, Uber’s handling of the breach was “willful, reckless, wanton, negligent, callous and in total disregard for the security and rights of the plaintiff and class members.”

The lawsuit currently names an Alberta woman who was affected by the data breach as the plaintiff, although she seeks to have the class action certified to include a broader number of people.

Luciana Brasil, a partner with Branch MacMaster LLP, told CBC News that should the court certify the case, the rule is that others deemed to be affected by the breach will “automatically participate unless they take steps to exclude themselves.”

On top of a range of general damages, the lawsuit also seeks special damages for costs related to credit counselling, compensation for the plaintiffs’ lost time and income and costs for credit monitoring and other methods of identity theft protection.

The lawsuit alleges Uber failed to do its duty to inform both customers and regulators in Alberta of the cyberattack.

“At no time did Uber notify the Office of the Privacy Commissioner, the plaintiff, class members or other affected individuals,” reads the statement of claim. “Had it not been for recent media exposure of the Uber hack, class members would to this day remain unaware that their personal information had been compromised.”

None of the allegations in the statement of claim have been proven in court.

Uber has not publicly identified the attackers. However, the current CEO, Dara Khosrowshahi, who replaced Travis Kalanick back in September, said in a statement that “none of this should have happened, and I will not make excuses for it.” He also said that Uber is “changing the way we do business.”

This article was originally published on MobileSyrup

Bradly Shankar

Bradly Shankar

Fourth-year journalism student at Ryerson University.