• About
  • Offices
  • Careers
  • News
  • Students
  • Alumni
  • Payments
  • EN | FR
Background Image
Bennett Jones Logo
  • People
  • Expertise
  • Knowledge
  • Search
  • FR Menu
  • Search Mobile
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
View all
Practices
Corporate Litigation Regulatory Tax View all
Industries
Energy Infrastructure Mining Private Equity & Investment Funds View all
Advisory
Crisis & Risk Management Public Policy
View Client Work
International Experience
Insights News Events Subscribe
Arbitration Angle Artificial Intelligence Insights Business Law Talks Podcast Class Actions: Looking Forward Class Action Quick Takes
Economic Outlook New Energy Economy Series Quarterly Fintech Insights Quarterly M&A Insights Sustainability & the CIO
People
Offices
About
Practices
Industries
Advisory Services
Client Work
Insights
News
Events
Careers
Law Students
Alumni
Payments
Search
Subscribe

Stay informed on the latest business and legal insights and events.

LinkedIn LinkedIn Twitter Twitter Vimeo Vimeo
 
Blog

Grand Theft Data: Uber Announces Almost 60 Million Accounts Compromised in Data Breach

November 22, 2017

Written By Katherine Rusk and Ruth E. Promislow

The CEO of the popular ride-sharing app, Uber, published a bombshell letter to the public yesterday, stating that two hackers had stolen information from almost 60 million driver and rider accounts in October 2016.

The compromised personal information includes names, email addresses, driver's license numbers, and mobile phone numbers. According to a statement from Dara Khosrowshahi, Uber's current CEO, the hackers did not gain access to credit card numbers, Social Security numbers, birth dates, or trip location information.

Anonymous sources speaking to Bloomberg and The New York Times said that the company's then Chief Executive Officer and Chief Security Officer brokered a deal with the hackers to pay $100,000 in ransom in exchange for the deletion of the data and a non-disclosure agreement, and that Uber hid the payouts. The New York Times reported that Uber has fired their CSO for this breach response.

Uber's revelation highlights two key issues for organizations in ensuring good cybersecurity hygiene.

The first issue is that third-party security is your security. The hackers' point of entry into Uber’s system was through a third-party cloud-based service. Using a third-party service to compromise a major corporation is frequent method of attack for hackers—as has been discovered lately by Orange Is The New Black, Target, Home Depot, Costco, and more.

Organizations using cloud-based service providers should understand the steps that the provider takes to maintain security. This is not only important for the purpose of preventing attacks, but it is also important for limiting exposure to claims arising as a result of the attack. Put more simply, your organization may be exposed for the failure by your third-party service provider to employ appropriate cybersecurity protocol.

The second issue highlighted by the Uber incident is that an organization may be exposed to liability not only for a breach itself, but for the way that it responds to the breach. The manner in which an organization handles a breach can give rise to claims—or can help reduce liability. The 2016 class action settlement for the Home Depot data breach shows how companies can mitigate their liability by taking proactive notification measures and by helping the impacted individuals alleviate any harm.

Regulators in the UK, Australia, the Philippines, and New York have already announced they will be looking into Uber's data breach.

Organizations must not only be proactive in seeking to prevent attacks but must also have a well-thought out plan already in place for responding to incidents.

Please note that this publication presents an overview of notable legal trends and related updates. It is intended for informational purposes and not as a replacement for detailed legal advice. If you need guidance tailored to your specific circumstances, please contact one of the authors to explore how we can help you navigate your legal needs.

For permission to republish this or any other publication, contact Amrita Kochhar at kochhara@bennettjones.com.

Download PDF

Author

  • Ruth E. Promislow Ruth E. Promislow, Partner

Related Links

  • Insights
  • Media
  • Subscribe

Recent Posts

Blog

BC Government Streamlines Renewable Energy Regulatory [...]

May 09, 2025
       

Blog

BBHIC 2025: Key Insights From Canada’s Leading Healthcare [...]

May 08, 2025
       

Blog

Upending the Ground Rules: Proposed Major Overhaul [...]

May 08, 2025
       

Blog

Government of Alberta Proposes Significant Changes [...]

May 06, 2025
       

Blog

What Does the SPAC IPO Rebound Mean for Cross-Border Deals?

May 05, 2025
       
Bennett Jones Centennial Footer
Bennett Jones Centennial Footer
About
  • Leadership
  • Diversity
  • Community
  • Innovation
  • Security
Offices
  • Calgary
  • Edmonton
  • Montréal
  • Ottawa
  • Toronto
  • Vancouver
  • New York
Connect
  • Insights
  • News
  • Events
  • Careers
  • Students
  • Alumni
Subscribe

Stay informed on the latest business and legal insights and events.

LinkedIn LinkedIn Twitter Twitter Vimeo Vimeo
© Bennett Jones LLP 2025. All rights reserved.
  • Privacy Policy
  • Disclaimer
  • Terms of Use
Logo Bennett Jones