The international ride share company did not alert the public or officials about the hack, instead choosing to pay the hackers $100,000 to destroy the stolen data.
While the data breach occurred in 2016, Uber has only recently made public the fact that 57 million people had their personal data compromised during the hack.
According to proposed class action, Uber's handling of the whole affair was "willful, reckless, wanton, negligent, callous and in total disregard for the security and rights of the plaintiff and class members."
Filed in Calgary, the proposed lawsuit follows several similar Uber lawsuits filed in the US. The Canadian lawsuit names an Alberta woman who was affected by the data breach as the plaintiff and seeks to have the class action certified to apply to a broader group of people.
The lawsuit seeks a host of general damages, as well as special damages for costs related to credit counselling, compensation for the plaintiffs' lost time and income, as well as costs for credit monitoring and other services to protect them against identity theft.
The stolen data included customers' email addresses and mobile phone numbers as well as driver's licence numbers of some 600,000 Uber drivers in the United States, CBCnews.ca reports. The plaintiff asserts that Uber had a duty to inform regulators as well as customers in Alberta.
"At no time did Uber notify the Office of the Privacy Commissioner, the plaintiff, class members or other affected individuals," the statement of claim reads. "Had it not been for recent media exposure of the Uber hack, class members would to this day remain unaware that their personal information had been compromised."
Plaintiffs are represented by Branch MacMaster LLP .