Cybersecurity Insight

Uber Set to Pay for Recent Data Breach

8 Jan

It hasn’t been a great start to the new year for taxi and private car service, Uber. On New Year’s Day the company took heat over the ‘surge charges’ it imposed on New Year’s Eve – increased pricing during times of high demand on the service. Many users described encounters where they were told one price at pick up yet charged another at drop off, sometimes amounting to a several hundred dollars difference for relatively short trips.

Right when the fervor from the New Years debacle dies down Uber finds itself in the news once again; this time for a much more serious reason – a data breach and a lack of urgency in notifying anyone about it.

In 2014 Uber was the subject of a data breach that affected a number of its drivers’ names and license numbers. Uber reportedly discovered this data breach as early as September of 2014, yet didn’t notify the drivers or the New York Attorney General Eric Schneiderman’s office until February of 2015.

This week Uber agreed to a fine of $20,000 for its inability to quickly notify the people affected by the breach and the AG’s office. The investigation also looked into the misuse of the “God View” by Uber executives, allowing them to track a particular user’s or driver’s rides and locations. An inquiry by Schneiderman in 2014 spurred this initial investigation, in particular relating to the company’s handling of customer information such as names, payment information, emails, and phone numbers.

Lawmakers, including Senator Al Franken, have begun to question Uber’s privacy practices and policies as well as to determine why Uber executives would have access to such information and why they would need to use it.

This, of course, brings up several issues when it comes to personal privacy of those who use services like Uber which not only store personal information, but can track an individual’s location fairly easily.

Privacy is a major concern as almost every major app and social service uses a location-based system to track their users. Of course, this information is provided willingly and these same users are often given the option to not have their location tracked – in Uber’s case, it would be virtually impossible.

Not a lot of personal choice involved there; I guess the only surefire way to ensure your privacy is to not use the app at all.

Hmm, hail a cab on the street and pay cash? What a novel idea.