For everyone who keeps snagging a ride with UBER, we have a warning for you. Your personal data and information is not at all safe.
According to a newly surfaced lawsuit, Uber’s poor data security allowed its employees privately spy on people including high profile politicians and celebrities. Employees working with Uber even helped guys stalk their ex-girlfriends and gather information about their trip ride.
The lawsuit also accuses the company of barring any government agencies of accessing its data during raids on their offices.
All these allegations against Uber, the ride sharing giant comes from October 2016 in a lawsuit filed by the company’s own former forensic investigator, Samuel Ward Spangenberg.
Uber’s lack of security regarding its customer data was resulting in Uber employees being able to track high profile politicians, celebrities, and even personal acquaintances of Uber employees, including ex-boyfriends/girlfriends, and ex-spouses.
Spangenberg wrote in a court declaration, signed in October under penalty of perjury.
In his court declaration, signed in October, Spangenberg points to a lack of effort on Uber’s part to protect private customer data, which comes in violation of “governmental regulations regarding data protection and consumer privacy rights.”
Uber’s former senior security engineer Michael Sierchio said, “When I was at the company, you could stalk an ex or look up anyone’s ride with the flimsiest of justifications, It didn’t require anyone’s approval.” Michael was Uber’s senior security engineer between early 2015 until June 2016.
Thousands of employees throughout the company, could get details of where and when each customer travels. Those revelations could be especially relevant now that Uber has begun collecting location information even after a trip ends.
Spangenberg is suing the San Francisco-based company for age discrimination (he’s 45) and whistleblower retaliation. He has worked information security jobs for a variety of tech companies. Uber tasked him with helping develop security procedures and responding to problems from around the world.
In addition to the security vulnerabilities, Spangenberg said Uber deleted files it was legally obligated to keep. And during government raids of foreign Uber offices, he said the company remotely encrypted its computers to prevent authorities from gathering information.
After beginning in March 2015, Spangenberg said he frequently objected to what he believed were reckless and illegal practices, and Uber fired him 11 months later.
Spangenberg has also pointed at Uber’s irresponsible treatment of its drivers’ information, including social security numbers, which could be accessed by all Uber employees, if they wanted.