Uber breach under review by Canadian privacy office

Canada’s federal privacy commissioner has opened an investigation into the recently disclosed Uber breach that compromised the personal information of tens of millions of ride-share users around the world.

“We received a letter from a parliamentarian, which prompted our office to open a commissioner-initiated complaint,” Tobi Cohen, a spokeswoman for the Office of the Privacy Commissioner of Canada (OPC), said in a statement Monday.

“We have not received a written breach report from Uber, nor have we been advised of the impact on Canadians. We’ve asked Uber to provide us with that information as soon as possible. Discussions with Uber are ongoing,” Ms. Cohen said, CBC reported.

Uber revealed later Monday that the personal information of about 815,000 Canadian users was compromised in the October 2016 data breach.

“The privacy of riders and drivers is of paramount importance at Uber and we will continue to work with the privacy commissioner on this matter,” Uber Canada said in a statement.

Uber announced Nov. 21 that the personal information of about 57 million users was compromised as the result of a data breach 13 months earlier, including names, email addresses and mobile phone numbers belonging to riders and drivers in the U.S. and abroad.

Uber knew about the breach shortly after it occurred and paid the perpetrator $100,000 to keep the incident under wraps, Reuters reported last week.

Attorneys general in several states have since launched investigations into the breach, and federal regulators in the U.S., U.K. and Australia have said their reviewing the matter.

“None of this should have happened, and I will not make excuses for it,” Uber CEO Dana Khosrowshahi said when he revealed details about the breach for the first month. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”

Mr. Khosrowshahi became Uber’s chief executive in August and recently terminated two former members of the company’s security team over their handling of the 2016 data breach. At least three others have since offered their resignation, Reuters reported.