Famous transportation service Uber was fined $20,000 over a 2014 data breach, according to CNET. This was the culmination of a 14-month probe into the company’s data protection services. The settlement was just as focused on rider privacy as it was about the actual data breach.
The center of the issue was how Uber employs a “god view” tracking system that reveals the location of Uber drivers. It used to be a feature accessible by Uber drivers, and the general manager of Uber New York, Josh Mohrer, told a journalist that he was tracking her ride and accessed her ride history without her permission.
It was 2014 when the company first came under scrutiny after data concerning 50,000 drivers was exposed to the public. This prompted New York to investigate Uber, leading to the $20,000 dollar fine. The fine was more because Uber didn’t warn their drivers of the breach in a timely fashion.
“This settlement protects the personal information of Uber riders from potential abuse by company executives and staff, including the real-time locations of riders in an Uber vehicle,” Schneiderman said in a statement.
“We are committed to protecting the privacy of consumers and customers of any product in New York State, as well as that of employees of any company operating here. I strongly encourage all technology companies to regularly review and amend their own policies and procedures to better protect their customers’ and employees’ private information.”
A copy of the settlement acquired by Buzzfeed went into more detail.
“Uber has represented that it has removed all personally identifiable information of riders from its system that provides an aerial view of cars active in a city, has limited employee access to personally identifiable information of riders, and has begun auditing employee access to personally identifiable information in general.”
Obviously, many changes are going to happen in how Uber does business.
Buzzfeed reporter Johana Bhuiyan wrote, “These practices include password-protecting and encrypting the geo-location data of Uber riders and drivers, limiting access to that information to designated employees with ‘legitimate business purposes,’ and incorporating multi-factor authentication and other ‘protective technologies’ to secure personal information.”
When you step back to think about it, $20,000 probably isn’t all that much to Uber, especially after New Year’s Eve, when they jacked the surge rates up to record levels.
— Julia Wong (@JWongGlobalNews) January 3, 2016
Some drivers were charged more than $1,000 to ride with the popular service. A man named Matthew Lindsay explained his reaction as “[p]hysically shocked. I couldn’t believe what I was seeing. I felt it was beyond unreasonable. You could go anywhere in the world for that price.”
Surge pricing is a regular occurrence to loyal users of Uber, but like Lindsay said, it’s definitely a little much to have to pay $1,000 for a ride home.
— The Verge (@verge) January 6, 2016
Nevertheless, Uber had this to say about the fine in a statement afterwards.
“We are deeply committed to protecting the privacy and personal data of riders and drivers,” Uber said in a statement. “We are pleased to have reached an agreement with the New York Attorney General that resolves these questions and makes clear our commitment to best practices that put our community first.”
Uber doesn’t have much to worry about. They just got a small fine after they made an absolute killing on New Year’s Day. In other news, Lyft is making strides into developing self-driving cars, which should shake things up between the two. For now, Uber will pay their fine and get back to work.
[Photo by Carl Court]