An Alberta judge has denied a national class-action lawsuit against Uber over a massive data breach involving more than 800,000 Canadians, saying the claim offered no evidence of personal harm or financial loss from the company’s actions.
The proposed action was launched by Branch MacMaster LLP in 2017 after the international ride-hailing giant admitted hackers had accessed the personal information of 57 million users and 600,000 U.S. drivers a year earlier. Uber has said 815,000 Canadian riders and drivers may have been affected by the breach.
Lead plaintiff Dione Setoguchi sought personal and punitive damages from Uber and its affiliates on behalf of its Canadian customers, claiming the company failed to properly protect their personal data.
The claim stated hackers accessed personal information of Uber users and contractors, including email addresses, telephone numbers, encrypted passwords and drivers’ licences. Uber argued the stolen information was similar to what’s readily available through most electronic commerce.
“It has been over three years since that criminal incident. There is no evidence of any confirmed case of fraud, identity theft or other economic loss to any Canadian as a result,” Uber submitted at a hearing last year.
Court of Queen’s Bench Justice John Rooke, in a ruling posted online last week, said the claimants failed to demonstrate personal or financial harm, or that any truly confidential information was obtained by the hackers. In fact, much of the stolen data was the kind found in old telephone directories, he stated.
“There is only speculation about a future possibility of loss or harm. Were this case to be certified at this stage, it would go to trial in the mere hope that evidence of loss or harm might at some point arise,” Rooke wrote in his decision against certifying the action.
“There is no evidence of any of this data having been released beyond the hackers in the four years since the hack.”
Uber paid US$148 million in fines as part of a settlement agreement for failing to notify clients and drivers their personal information had been stolen. The company hid evidence of the hack and paid a reported $100,000 ransom for the information to be destroyed.
A former chief security officer for Uber Technologies was criminally charged last August with working to cover up the hack.