Our sectors

Show Site Navigation

Lawyers say Uber could now face huge number of legal claims over data breach

Data protection lawyers have estimated that the loss of millions of people’s data following a data breach at the taxi-hailing company Uber could result in a huge number of claims.

22 November 2017

The data breach only came to light this week after the new CEO, Dara Khosrowshahi, revealed in a blog post that hackers stole the personal information of 57 million worldwide Uber users and drivers.

In the blog, Mr Khosrowshahi said that two individuals outside the company "inappropriately accessed user data" stored in a third-party cloud-based service, in 2016.

He explained: "At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals.

"We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed." According to the news service Bloomberg, Uber paid 100,000 US dollars (£75,500) to the hackers to delete the data and keep the breach under wraps.

Mr Khosrowshahi said there had been "no indication" trip history, credit card details, bank account numbers or dates of birth were downloaded by the hackers.

Sean Humber a data protection specialist from the law firm Leigh Day, which recently won an employment tribunal claim over the rights of Uber drivers, said today that the San Francisco based company could face millions of claims in this country and worldwide.

Mr Humber said: “Uber need to urgently clarify the extent to which customers and Uber drivers in the UK have been affected by the data breach, including exactly what personal information has been hacked and what has then happened to this information.

“Uber clearly have many questions to answer with regard to the failure to hold customers’ and drivers’ personal information securely as well as a failure to report the breach to the relevant regulatory authorities and notify those affected.

“In legal terms those affected may have claims for compensation for the distress caused and any losses suffered as a result of the misuse of their private information and breach of the Data Protection Act."

In the blog post Mr Khosrowshahi, who joined Uber in August this year, said: "None of this should have happened, and I will not make excuses for it. "While I can't erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes."

Information was correct at time of publishing. See terms and conditions for further details.

Share this page: Print this page

More information