Canada's privacy commissioner has launched a formal investigation into the massive data breach concealed by the ride-hailing app company Uber.
Last month, Uber's new CEO revealed that a year previously the details of 57 million customer and driver accounts had been stolen, but the company had decided not to divulge the breach at the time.
Instead, the company paid the hacker – reportedly a 20-year-old Florida man living with his mom - $100,000 to delete the data and keep quiet. It pushed the payment through a bug bounty program to make it seem legitimate.
The news caused both US and UK authorities to launch immediate investigations but Canada's privacy commissioner Daniel Therrien took a more cautious response and asked Uber to file a report explaining the breach and its impact on Canadian citizens.
Florida Man… pockets Uber cash to keep quiet about data breachREAD MORE
That report has presumably been delivered and Therrien didn't like what he saw. Although we know that 57 million accounts in total were affected, and that 2.7 million of them live in the UK, it's still unclear how many of the estimated two million Canadian Uber users were impacted.
The ongoing lack of information lead to Toronto city council last week voting to demand relevant information from Uber as a condition of its licensing agreement.
In addition to these three privacy commissioners investigations, Uber is also being sued for its failure to disclose the breach – a legal requirement in some US states. Canadian law currently doesn’t require disclosure of data breaches but that is almost certain to change, with a proposal to made it a legal requirement complete with a fine up to CA$100,000 for a failure to do so, have already been put out for public consultation.
Uber Canada said it would co-operate with the investigation. "The privacy of riders and drivers is of paramount importance at Uber and we will continue to work with the privacy commissioner on this matter," said a spokesman. ®
Sponsored: Webcast: Ransomware has gone nuclear