Ridesharing company Uber has finally agreed to inform all riders and drivers in Canada who were affected by a major data breach in 2016.
The company’s decision comes following a February 28, 2018 ruling by the Alberta privacy commissioner that declared that the breach led to a “real risk of significant harm.” Uber said that while it disagrees with the commissioner’s ruling, it will obey with the decision.
BetaKit reported that the notifications will be sent via email.
In November 2017, Uber admitted that it had concealed the fact that it had suffered a cyberattack in 2016 that affected about 57 million passengers and drivers in the US. Later, the company confirmed that around 815,000 Canadian customers were also affected by the attack.
“When Uber’s new leadership learned of the incident from 2016, they initiated a thorough investigation, disclosed the circumstances to Canadian privacy commissioners, and committed full cooperation with their investigations,” the company said in an email statement to MobileSyrup. “Our outside forensic experts have seen no indication that credit card information, dates of birth, or location over time were accessed or downloaded.”
Uber has plans to request a judicial review of the privacy commissioner’s ruling, firmly believing that the data breach incident did not create a real risk of significant harm.
“We have seen no evidence of fraud or misuse tied to this incident, and are monitoring the affected accounts,” the company maintained in a statement.
The company is currently under investigation by the Office of the Privacy Commissioner of Canada.