(416) 916-1387
Team
David Milosevic
Joella Miller
Arad Moslehi
Annelise Do Rio
Jamie Lee Roche
Expertise
Complex Corporate Commercial Litigation
Contract Disputes Debt Collection Enforcement Derivative Claims Enforcement Of Foreign Judgments Oppression Claims Partnership Disputes Shareholder Disputes
Commercial Real Estate Litigation
Mortgage Fraud & Disputes Purchase & Sale Litigation
Professional Liability
Defamation, Libel & Slander Director & Officer Liability Investment Advisor Liability Lawyer Negligence
Civil Fraud
Employee Fraud
Injunctive Relief
Receiverships
Class Action
Class Action Defence For Small & Mid Sized Companies
Investment Loss
Advisor/Broker Fraud Asset Recovery
Appellate Litigation
Appeals to the Divisional Court
Appeals to the Ontario Court of Appeal
Appeals to the Supreme Court of Canada
Media
Careers
Contact
(416) 916-1387

Our Services

We represent clients in complex commercial litigation matters, from contract and partnership disputes, to complex multi-party commercial claims.

Complex Corporate Commercial Litigation

Commercial Real Estate Litigation

Professional Liability

Civil Fraud

Injunctive Relief

Receiverships

Class Action

Investment Loss

Uber’s Latest Data Breach: Foreshadowing At The FTC?

Uncategorized
Author David Cassin
Date Posted on November 22, 2017

On Tuesday evening, Uber’s CEO announced that in late 2016 the company learned hackers gained access to the personal information of over 57 million users worldwide.

While the full extent of Uber’s data breach is still being uncovered, the personal information accessed in the data breach includes names, email addresses, and phone numbers, and may also include location history, credit card numbers and even social insurance numbers.[1]

It has also been reported that in response to the data breach, Uber paid a USD$100,000 ransom. It is alleged that the ransom deal was arranged by the company’s chief security officer and approved by the former chief executive.[2] An initial report from the New York Times found that Uber went to great lengths to cover-up the data breach, including having the hackers sign nondisclosure agreements, and misrepresenting the use of the funds paid to the hackers.[3]

Writing on the Wall

As the full extent of Uber’s data breach comes to light, questions arise as to whether Uber’s previous run-ins with the United States’ Federal Trade Commission (the “FTC”) foreshadowed this latest breach.

In August 2017, Uber settled an investigation brought by the FTC regarding a data breach from May 2014, which exposed more than 100,000 names and driver’s license numbers of Uber’s drivers.[4]

In its original complaint, the FTC alleged that Uber engaged in a number of practices that failed to provide reasonable security to prevent unauthorized access to consumers’ personal information stored in its databases.[5] As a result of Uber’s failure to provide reasonable security measures, the FTC alleged that Uber’s databases were hacked.[6]

Uber eventually settled the FTC investigation by agreeing to improve its privacy and security practices, implementing a comprehensive privacy program, and agreeing to external audits monitoring its compliance for the next 20 years.[7] Uber was not fined by the FTC in connection with this complaint and investigation.

Uber’s Liability

As of today, regulators in the United Kingdom, the United States, and Italy have said they are opening investigations into Uber’s latest data breach. A class action lawsuit has also been commenced in California on behalf of drivers whose information was compromised, and the FTC said it is opening a new investigation into Uber.[8]

The Office of the Privacy Commissioner of Canada has contacted Uber to obtain more information regarding the breach and to confirm the impact on Canadian consumers.[9] It is not clear whether a formal investigation will be launched by the Commissioner at this time.

Given the extent of this most recent data breach, and the millions of users affected, Uber will face increasing liability from regulators worldwide, as well as face a multitude of class action lawsuits in jurisdictions where consumers’ information has been breached.

Uber’s data breach and the immediate ramifications the company is suffering underlay the requirement that business – big and small – get serious about cybersecurity. Retaining experienced counsel who can advise on potential security risks, data breach response measures, and consumer notification requirements, is crucial to protecting your business.

By: David Cassin

______________________________________________________________________________________________________________________________________

[1] 2016 Data Security Incident, <https://www.uber.com/newsroom/2016-data-incident>.

[2] <https://www.nytimes.com/2017/11/21/technology/uber-hack.html>.

[3] Ibid.

[4] Federal Trade Commission Press Release, <https://www.ftc.gov/news-events/press-releases/2017/08/uber-settles-ftc-allegations-it-made-deceptive-privacy-data>.

[5] Federal Trade Commission Complaint,<https://www.ftc.gov/system/files/documents/cases/1523054_uber_technologies_complaint.pdf> at 4.

[6] Ibid at 5.

[7] Federal Trade Commission Press Release, <https://www.ftc.gov/news-events/press-releases/2017/08/uber-settles-ftc-allegations-it-made-deceptive-privacy-data>.

[8] <https://www.ft.com/content/20d98370-cf68-11e7-9dbb-291a884dd8c6>.

[9] <http://www.cbc.ca/news/business/uber-breach-canadians-1.4414354>.

© 2024 Milosevic & Associates. All rights reserved. Privacy Policy / Disclaimer. Website designed and managed by Umbrella Legal Marketing