Uber can't confirm number of Canadians impacted in security breach: privacy commissioner

Canada's federal privacy commissioner says Uber Technologies Inc. can't confirm how many Canadians may be affected by an October 2016 security breach that the riding-hailing firm initially tried to cover up.

The Office ofthe Privacy Commissioner of Canada told CBC Newsit hasreached out to the company to ask for more information about the breach.

• Uberadmits covering up 2016 hack that affected millions

"We have askedUberto provide us with a written breach report, in which we would expect them to provide details about how the breach happened and about the impact on Canadians,"Valerie Lawton, a spokesperson forthe privacy commissioner, said in an emailed statement.

The privacy commissioner's office has not opened a formal investigation, but said it is reaching out to its international counterparts.

"The privacy of our riders and drivers is of paramount importance for Uber," said Uber Canada spokesperson Susie Heath.

"That is why we are working closely with regulatory and government authorities globally, including the Federal Privacy Commissioner's Office here in Canada. Until we complete that process we aren't in a position to get into more detail," Heath said.

Authorities in the U.S., the U.K., Australia and the Philippines said they will investigate the company's handling of the breach. Attorneys general in several U.S. states, including Connecticut, Illinois, Massachusetts and New York, said they have launched probes.

UberCEO Dara Khosrowshahi said in a statement posted Tuesday on the company's website that two individuals from outside the businesshad inappropriately accessed user data stored on a third-party cloud-based service.

Khrosrowshahi said the individuals were able to download load files containing the names and driver's license numbers of around 600,000 drivers in the United States, and somepersonal information of 57 million Uber users around the world, includingnames, email addresses and mobile phone numbers.

Uber said Tuesday that in late 2016 it had paid hackers about $100,000 US to destroy the data on the customers and drivers, and had decided not to report the breach to victims or authorities.

Khrosrowshahiacknowledged that the company made a mistake in its handling of the breach, and said two people who led the response to it are no longer with Uber. The company fired its chief security officer, Joe Sullivan, and his deputy, Craig Clark, this week.

Uber said that while it hasnot seen evidence of fraud or misuse tied to the incident, it ismonitoring affected accounts and have flagged them for additional fraud protection.

Reuters reported that a spokesperson for Uberco-founder and former CEO Travis Kalanickdeclined to comment on the breach. Replaced as CEO byKhrosrowshahiin August, Kalanickis still on Uber's board of directors.

The breach at Uber is the latest in a string of massive cybersecurityincidents recently. A breach at Equifaxresulted in the exposure of the data of roughly 145 million people in the United States, and about 8,000 Canadians.