Uber to Pay $20000 For Information Breach

The company will pay $20,000 in settlement to conclude a 14-month investigation regarding Uber’s “God View” tool, which the company allegedly used to violate privacy by tracking riders. In this data breach, Uber alleged that an unauthorized third party managed to gain entry to its driver names and license numbers, and the overall impact was assessed to cover close to 50,000 drivers, and across multiple states to boot.

The inquiry into the San Francisco-based company then expanded into Uber’s discovery of a data breach in September 2014 affecting many of its drivers, an incident Uber did not report to the NY attorney general until February 26, 2015. The system not only provided Uber an aerial-like view of all of the cars in the city, but also contained the personal information of the riders in them.

The New York AG’s investigation into Uber’s privacy and security practices was prompted by a series of BuzzFeed News reports that revealed Uber New York general manager Josh Mohrer had accessed this reporter’s ride logs and later used “God View” to track this reporter’s ride without express permission. The firm will pay a $20,000 fine for not telling Schneiderman’s office or its drivers about the breach in a “timely” fashion.

However, traditional taxi firms and governments are constantly attempting to have the app banned, and following investigations conducted by Buzzfeed, the company came under scrutiny concerning how it handled sensitive user data. In November 2014, Schneiderman launched an investigation into Uber’s handling of customer personal information it collects, such as names, email addresses, phone numbers and payment information. Only employees with “legitimate business purposes” will be able to access those records, while multi-factor authentication will be one of the steps it undertakes to protect user identity. Tomorrow’s settlement makes these rules easier for authorities to verify as well as legally enforce.

“Uber also collects the geographic location of riders and drivers in real time”, according to the statement from Schneiderman’s office.

“I strongly encourage all technology companies to regularly review and amend their own policies and procedures to better protect their customers’ and employees’ private information”, he added.