Ride-sharing company Uber came under fire two years ago for tracking its customers and peeking into travel data from celebrities and high-profile personalities. According to several former company security professionals, Uber is continuing to play fast and loose with their clients’ information.
“Uber’s lack of security regarding its customer data was resulting in Uber employees being able to track high profile politicians, celebrities, and even personal acquaintances of Uber employees, including ex-boyfriends/girlfriends, and ex-spouses,” Ward Spangenberg, Uber’s former forensic investigator, wrote in a court declaration, signed under penalty of perjury.
Despite promises of new policies that would prohibit future breaches, former employees say Uber is allowing lax security practices to continue.
But five former Uber security professionals told Reveal from The Center for Investigative Reporting that the company continued to allow broad access even after those assurances.
Thousands of employees throughout the company, they said, could get details of where and when each customer travels. Those revelations could be especially relevant now that Uber has begun collecting location information even after a trip ends.
Spangenberg, 45, is suing Uber for age discrimination and for whistleblower retaliation. He’s made several sensational allegations.
In addition to the security vulnerabilities, Spangenberg said Uber deleted files it was legally obligated to keep. And during government raids of foreign Uber offices, he said the company remotely encrypted its computers to prevent authorities from gathering information.
After beginning in March 2015, Spangenberg said he frequently objected to what he believed were reckless and illegal practices, and Uber fired him 11 months later.
“I also reported that Uber’s lack of security, and allowing all employees to access this information (as opposed to a small security team) was resulting in a violation of governmental regulations regarding data protection and consumer privacy rights,” he stated.
Uber insists it has strict guidelines and policies in place to prevent unauthorized access to its customers’ data.
“We have hundreds of security and privacy experts working around the clock to protect our data,” Uber said in a statement.
“This includes enforcing strict policies and technical controls to limit access to user data to authorized employees solely for purposes of their job responsibilities, and all potential violations are quickly and thoroughly investigated,” the company said.
Buyer Rider beware.