Last month, Uber revealed that it suffered a massive security breach in 2016 that affected some 57 million users globally.
And now the City of Toronto wants some answers as to how this breach affected the local community.
During Friday’s meeting, City Council approved Councillor Janet Davis‘ motion to demand Uber disclose information related to the breach in order to know how many people in Toronto had their personal data accessed, and what private information was released.
“In October of last year, Uber Technologies Incorporated was hit by a data breach. The general public was unaware of this massive privacy leak as Uber covered up and paid $100,000 to erase all evidence of the breach,” read a council report.
“Uber has refused to respond to requests from Canadian authorities to disclose how many Canadians were affected by the breach, and where they are located.”
According to the report, in May 2016, five months before the data breach occurred, Toronto licensed Uber as a Private Transportation Company (PTC). As part of that License Agreement, the City of Toronto asked that all Private Transportation Companies implement data security measures “to protect the personal data collected by the PTC relating to passengers and drivers” as set out in Chapter 546 of the Municipal Code.
The agreement requires Uber to produce any information requested for investigative or audit purposes, and it would have to be provided to the City within 30 days of the receipt of the request.
When the information was released last month, Uber said that they don’t believe any individual rider needs to take any action, as they have seen no evidence of fraud or misuse tied to the hack.
Additionally, the company released a statement saying the privacy of their riders and drivers is of paramount importance. “That is why we are working closely with regulatory and government authorities globally, including the Federal Privacy Commissioner’s Office here in Canada.”