Former Uber employee, Ward Spangenberg has a warning for all those who use the popular ride-hailing app: Your personal details aren’t safe. He alleges that due to a lack of security measures, Uber workers can easily spy on riders through their respective accounts.
“Uber’s lack of security regarding its customer data was resulting in Uber employees being able to track high profile politicians, celebrities and even personal acquaintances of Uber employees including ex-boyfriends/girlfriends, and ex-spouses,” Ward wrote in a court declaration, signed in October under penalty of perjury.
"Uber collected data regarding every ride a user requested, their username, the location the ride was requested from, the amount they paid, the device used to request the ride (i.e., iPhone, Droid, etc.), the name and email of the customer, and a myriad of other data that the user may or may not know they were even providing to Uber by requesting a ride," Spandenberg added.
Spandenberg says that when he reported his concerns regarding this issue to the company, he was fired on the grounds that he violated their code of conduct and re-imaged his laptop. However, he believes that he was fired because he made the complaints. He is currently suing the company for wrongful termination. However, Uber has insisted that the company maintains strict policies and that employees were prohibited from accessing user information.
Uber’s Chief Information Security Office while denying Spandenberg’s allegations to ABC News says,"It’s absolutely untrue that 'all' or 'nearly all' employees have access to customer data, with or without approval. And this is based on more than simply the 'honor system': we have built entire system to implement technical and administrative controls to limit access to customer data to employees who require it to perform their jobs. This could include multiple steps of approval—by managers and the legal team—to ensure there is a legitimate business case for providing access." Flynn added that the company "continues to increase our security investments."
"This includes enforcing strict policies and technical controls to limit access to user data to authorized employees solely for purposes of their job responsibilities, and all potential violations are quickly and thoroughly investigated," Flynn said. "What’s more, if an employee has access to some customer data, she does not have access to all customer data. Access is granted to specific types of data based on an employee’s role. All data access is logged and routinely audited, and all potential violations are quickly and thoroughly investigated."
The lawsuit which was filed back in May, is currently in arbitration.
