Uber employees have access to customer trip information, and they’re using it to spy on ex-girlfriends and celebrities like Beyoncé, a former employee claims.
A new piece out from Reveal’s Will Evans details Uber’s history with security and privacy. The story cites the experience of Ward Spangenberg, Uber’s former forensic investigator who was fired from the company last February. Spangenberg is suing Uber, alleging wrongful termination, defamation, and age discrimination.
In a stunning October court declaration, Spangenberg alleges that Uber employees freely accessed trip information about celebrities and politicians and helped one another spy on ex-boyfriends and ex-girlfriends by tracking where and when they traveled. Spangenberg, who worked at Uber for 11 months, said the company’s lack of security violated consumer-privacy and data-protection regulations.
Reveal spoke with five former Uber employees who also said employees could easily track customers – they estimated the number of employees with such access was in the thousands.
‘You could get away with it forever’
Earlier this year, Uber signed an “assurance of discontinuance” vowing to keep its users’ personal information private after the New York attorney general began investigating the company’s use of a tool called “God View.” The tool provided Uber an aerial view of all of the cars in a city and contained the personal information of the riders in them.
As part of the settlement, Uber said it had “removed all personally identifiable information of riders from its system that provides an aerial view of cars active in a city, has limited employee access to personally identifiable information of riders, and has begun auditing employee access to personally identifiable information in general.”
Reveal reports that Uber also changed the name of that tool to “Heaven View.”
But the former employees Reveal spoke with suggested not much had changed since January and the new policies were never enforced. While employees who are caught tracking customer data without permission are fired, Spangenberg told Reveal that “if you knew what you were doing, you could get away with it forever.”
Uber disputes the claims and maintains that it has strict policies in place to protect customer information.
“Uber continues to increase our security investments and many of these efforts, like our multi-factor authentication checks and bug bounty program, have been widely reported,” an Uber representative wrote in a statement emailed to Business Insider. “We have hundreds of security and privacy experts working around the clock to protect our data. This includes enforcing strict policies and technical controls to limit access to user data to authorized employees solely for purposes of their job responsibilities, and all potential violations are quickly and thoroughly investigated.”
Uber says employees don’t receive across-the-board access to customer data and there are several controls in place to ensure that employees only access that data for work purposes. That data access is logged and frequently audited, the company says.
Reveal delves further into the case and Uber’s privacy and security issues over the past few years, so head over to Reveal’s site for more.