Uber has agreed to pay a $20,000 penalty for poor data security practices and to reform the way it handles user information, New York’s attorney general, Eric T. Schneiderman, has announced.
The decision comes after a 14-month investigation into the taxi company’s management of customer data found that its executives were able to track passengers’ through a tool known internally as ‘God View’.
Mr. Schneiderman revealed that this aerial system allowed Uber to monitor, in real-time, the whereabouts of its customers, without their knowledge or permission.
The company was also reprimanded for failing to inform the relevant authorities of a data breach it experienced in September, 2014, in a timely way.
“This settlement protects the personal information of Uber riders from potential abuse by company executives and staff, including the real-time locations of riders in an Uber vehicle,” New York’s attorney general said.
“This settlement protects the personal information of Uber riders from potential abuse by company executives and staff."
“We are committed to protecting the privacy of consumers and customers of any product in New York State, as well as that of employees of any company operating here.”
As part of the settlement, the app-based taxi company has agreed to encrypt passenger geo-location data and adopt multi-factor authentication, which will go a long way to boosting security and privacy.
The implementation of the latter applies to instances where Uber employees would need access to “especially sensitive” customer information.
The investigation into Uber’s data practices came after several reports in the media alerted the attorney general to this (at the time) alleged intrusion. BuzzFeed was one of the first to break the story.
“We are deeply committed to protecting the privacy and personal data of riders and drivers [and are] pleased to have reached an agreement,” Uber spokeswoman told the Wall Street Journal.
Last year it was reported that Uber customers were being targeted by fraudsters in China, with affected users of the service highlighting on social media that their accounts were being charged for trips they had not taken.