Uber Canada has revealed that 815,000 Canadians were affected by a 2016 data breach the ride sharing company only disclosed to the public last month.
The worldwide breach saw the personal data of 57 million Uber users illegally downloaded as hackers stole names, email addresses and even mobile phone numbers of riders that Uber stored on third-party cloud-based service GitHub. Personal information of 600,000 drivers was also taken.
Just before the number of affected Canadians was revealed, Canada’s privacy commissioner confirmed the office had opened its own formal investigation into the Uber hack.
Uber Canada spokesperson Jean-Christophe de le Rue told the Canadian Press the company will co-operate with the commissioner’s investigation.
“The privacy of riders and drivers is of paramount importance at Uber and we will continue to work with the privacy commissioner on this matter,” he said to the Press.
Uber initially covered up the October 2016 breach, a move that saw the company paying off the hacker responsible for the breach—who Reuters recently reported is a 20-year-old Florida man—$100,000 to destroy the data. The company was lambasted for its failure to notify users and regulators that personal information was compromised.
The newly minted CEO Dara Khosrowshahi, who wasn’t with the company at the time of the breach or aware of the actions that followed, said in a blog post last month the cover up shouldn’t have happened and that he “will not make excuses for it.”
The two men involved in concealing the breach were subsequently fired and Uber has since implemented more rigorous security measures, said Khosrowshahi.