Uber faces class-action lawsuit in Alberta over data privacy breach

Uber faces class-action lawsuit in Alberta over data privacy breach | Corporate Risk & Insurance

Uber faces class-action lawsuit in Alberta over data privacy breach
Uber is being hit with a class-action lawsuit by a law firm representing Albertans whose personal information was compromised when the ride-hailing company suffered a data breach.

Just over a week ago, Uber revealed that the personal information of 57 million customers had been stolen last year in a cyberattack. The stolen data included customers’ email addresses, mobile phone numbers, and the driver’s licence numbers of about 600,000 Uber drivers in the US.

According to Uber’s new CEO, the company’s former chief security officer (who has since been fired) agreed to pay the hackers’ ransom of $100,000 to have them destroy the data.

A statement of claim filed this week in Calgary by Branch MacMaster LLP said that Uber’s handling of the whole affair was “willful, reckless, wanton, negligent, callous and in total disregard for the security and rights of the plaintiff and class members.”

CBC reported that none of the allegations in the statement of claim have been proven in court.

The lawsuit names an Alberta woman affected by the breach as the plaintiff and seeks to have the class action certified to apply to a broader group of individuals.

“When there is an alleged wrong on the part of a defendant that affects a great number of people, it’s typically ideal for prosecution as a class action,” Branch MacMaster LLP partner Luciana Brasil told CBC. “If the court does certify the case, then everyone who is a member of the class, who fits in that definition, will be able to participate in the case.”

“And the rule, actually, is that they automatically participate unless they take steps to exclude themselves.”

On top of general damages, the lawsuit is seeking special damages for costs related to credit counselling, compensation for the plaintiffs’ lost time and income, as well as costs for credit monitoring and other similar services.

The lawsuit alleges that the ride-hailing company had a duty to inform both customers and regulators in the province.

“At no time did Uber notify the Office of the Privacy Commissioner, the plaintiff, class members or other affected individuals,” the statement of claim read.

“Had it not been for recent media exposure of the Uber hack, class members would, to this day, remain unaware that their personal information had been compromised.”