That Uber breach? Privacy commissioner is now investigating

The country's privacy commissioner is opening a formal investigation into a 2016 Uber breach that compromised the personal information of tens of millions of the ride-hailing service's users.

Similar investigations have been launched by authorities in the U.S., U.K.and Australia, as well as numerous U.S. states, whileaclass-action lawsuithas also been filed in Alberta.

Uber revealed last month that information on more than 57 million of the service's riders and drivers was stolen in 2016, though the company says it has no evidence the data was misused.

The company won't sayhow many Canadians users had data stolen. TheU.K. government says it learnedthat2.7 million U.K. users were affected.

Uber's former chief security officer Joe Sullivan managed to keep the breach a secret for more than a year, until it emerged last month that had paid the thieves $100,000 to destroy the information.

Reuters reported that the payment was made through abug bounty service where money is paid to security researchers who identify and report flaws or bugs found in a company's systems in an attempt to disguise the payment as a typical reward.

"The privacy of riders and drivers is of paramount importance atUberand we will continue to work with the privacy commissioner on this matter," said UberCanada spokespersonXavier Van Chauin a statement.

Another spokesperson, Susie Heath, previously told CBC News that, until the company is finished working with authorities,"we aren't in a position to get into more detail."

In his annual report to Parliament this past fall, Privacy Commissioner Daniel Therrien said his office was looking to be more proactive in its enforcement of the country's privacy protections in part, by launching more of its own investigations.

Under current legislation, the privacy commissioner cannot issue binding orders or fines against companies that misuse personal information or ignore its recommendations. It can, however, take non-compliant companies to Canada's Federal Court, where a judge can order the company to comply.

"We received a letter from a parliamentarian, which prompted our office to open a commissioner-initiated complaint," saidTobiCohen, aspokeswomanfor the privacy commissioner's office."We have not received a written breach report from Uber, nor have we been advised of the impact on Canadians. We've asked Uber to provide us with that information as soon as possible. Discussions with Uber are ongoing."

She declined to provide further information, citingconfidentiality provisions of Canada's privacy legislation.