News that Uber concealed for more than a year a hack that compromised the personal data of more than 57 million customers around the world is renewing calls from privacy advocates for the Canadian government to force companies to alert consumers when their privacy is breached.
Uber CEO Dara Khosrowshah announced in a blog post Tuesday evening that in October 2016 two hackers stole user data from 50,000 customers and 7,000 drivers that the company was storing on a third-party data storage application.
READ MORE: Uber reveals 2016 hack, reports say it paid $100,000 to cover up
While he said the company is “notifying regulatory authorities” of the incident, he refused to specify how many customers and drivers from each affected country had their data compromised.
The company has also confirmed it then paid the hackers $100,000 to delete the data and stay silent.
Privacy advocates have called on the government for years to implement what is known as “mandatory breach reporting,” which would require companies to alert consumers when their information is breached.
Privacy Commissioner Daniel Therrien said earlier this month before a Senate committee that unless there are severe consequences for companies that do not protect user information, few will take their responsibility for protecting consumer data as seriously as they should.
“The fact there are no monetary consequences for them other than the loss of clients means it’s not taken seriously enough,” Therrien said. “If they were vulnerable to lawsuits and substantial fines, then in my opinion that would really focus their minds and make sure that corporate directors would pay close attention to this very widespread phenomenon of hacking, and make sure they were covered legally.”