Uber To Pay $20,000 As Settlement Over Privacy Breach By Its ‘God View’ Tracking Tool
The Attorney General of State of New York, Eric Schneiderman has decided to fine Uber $20,000 for its โGod Viewโ programme and the companyโs overall negligent security practices. This decision comes after the data breach act that took place in May 2014 when an Uber engineer unintentionally posted online login information for a private database containing driver information. This was discovered by the company a few months later in September, when a former employee from a competitor revealed the problem.
The security breach had exposed the data of approximately 50,000 drivers across multiple U.S. states. Data included names of the independent contractors that collaborate with Uber, routes that were taken, clients that requested them, and even the name, phone numbers and e-mail addresses of said clients were stored on a cloud where any third party could have had access to them.
The matter came to light when Uberโs New York manager, Josh Mohrer revealed to a journalist that he was both tracking her Uber ride and accessed her ride history logs without permission, including through the companyโs โGod Viewโ tool. The tool shows an aerial view of all passengers and drivers in a particular area.
It would appear that the taxi service company was indeed using an entire tracking system that recorded and kept logs of every single trip ever took via their cars which corporate employees were able to access at any time via the so called โGod Viewโ app. Further, it was revealed that said employees could also access customer personal information as well. The fine has been imposed on the company for its delay in providing timely notice of the data breach to the affected drivers and the office of the attorney general.
What followed were disclosures that the God View tool was available to employees largely within the company, who could use it with little discretion. Eventually, Uber backed down but not before settling with the State of New York for $20,000 and agreeing to an overhaul of its privacy policy to better protect and encrypt location data of its riders for โlegitimate business purposes.โ
According to BuzzFeed, the settlement says:
โUber has represented that it has removed all personally identifiable information of riders from its system that provides an aerial view of cars active in a city, has limited employee access to personally identifiable information of riders, and has begun auditing employee access to personally identifiable information in general.โ
Following the ordeal, Uber spokesman Matt Wing made a statement saying that the company is now fully committed to protecting the privacy and the personal data of both its customers and its drivers and has, therefore, revised its privacy practices. The amount of data that was previously subject to potential abuse by internal staff and a truly worrisome prospect should it had fallen into the wrong hands, is now only accessible by employees only under circumstances of dire need.
The settlement is due to be officially announced tomorrow, and Uber has also agreed to notify the Attorney Generalโs office if the โGod Viewโ application resumes collecting GPS information from mobile devices when the app is not open.