Car-sharing platform CityBee will have to pay 103,000 euros in non-pecuniary damages to almost 350 of its users who were affected by the leak of their data back in 2021, the Lithuanian Court of Appeal has ruled.
On Tuesday, the Court of Appeal overturned a decision taken by the Vilnius Regional Court in February this year, which had exempted CityBee from paying damages to users whose data was published online by cyber criminals in 2021.
“A new decision has been taken on non-pecuniary damages, the lawsuit has been upheld, and all the requested non-pecuniary damages have been awarded," Vytautė Rolskytė, an adviser to the president of the Court of Appeal, told BNS on Tuesday.
The court's decision will compensate each CityBee user who filed a class action lawsuit for 300 euros in non-pecuniary damages, while the Vilnius Regional Court will have to reassess the request for compensation for some of them for material damage.
Further reading
In February 2021, criminals posted the data of around 110,000 Lithuanian-registered CityBee users on one of the forums favoured by cyber hackers. The data included users’ names, phone numbers, email addresses, personal ID codes, residential addresses, driving licence numbers and encrypted passwords.
An investigation by the National Cyber Security Centre (NKSC) found that the data might have been exposed due to the mismanagement of cloud services.
CityBee is active in Lithuania, Latvia, Estonia and Poland. The company operates a fleet of more than 2,000 vehicles and has a registered customer base of more than 800,000 clients.
The Court of Appeal's decision is effective immediately, but can be appealed to the Supreme Court within three months.
Newsletter
Every Friday morning.
