Uber collects quite a bit of data about the tens of millions or rides that are booked using its service every day all across the globe. The company says that the data enables it to provide a better ride experience but it appears that the company hasn’t really been able to control what its employees do with that data. Former Uber forensic investigator Samuel Spangenberg has claimed in a court filing that the company doesn’t properly protect personal data when a user requests a ride.
Spangenberg later testified that the company’s lack of security regarding customer data was “resulting in Uber employees being able to track high profile politicians, celebrities, and even personal acquaintances” such as their ex-boyfriends/girlfriends and ex-spouses.
This isn’t the first time that Uber employees have been accused of tracking users. Several executives were fined $20,000 back in 2014 for using Uber’s “God View” to track customers in real time.
The Huffington Post reports that Uber’s Chief Information Security Officer John Flynn has disputed Spangenberg’s allegations in an internal email which says adds that “Much of the information is out of date and doesn’t accurately reflect the state of our practices today.”
However, five former security professionals how worked at Uber said that employees are provided access to this data. The sources mention that Uber’s policy is based on an honor system in which employees agree not to misuse their access but it doesn’t really have a way to control how they use that data.