Security at Uber is so lax that employees have been able to stalk politicians, celebrities including Beyoncé, and even ex-spouses through activity on the ride-hailing service’s app, a lawsuit alleges.
Ward Spangenberg, a former forensic investigator for Uber, filed a lawsuit earlier this year in the Supreme Court of California alleging the company discriminated against him on the basis of age, and retaliated against him for his whistleblowing activities.
“I complained that Uber did not have regard for data protection, including, among other items, that payroll information for all Uber employees was contained in a single unsecure Google spreadsheet,” Spangenberg said in a sworn statement filed in October.
Singer Beyonce was allegedly the victim of monitoring by Uber employees, a lawsuit alleges. (Photo: Brooks Kraft via Getty Images)
“I also reported that Uber’s lack of security regarding its customers’ data was resulting in Uber employees being able to track high profile politicians, celebrities and even personal acquaintances of Uber employees, including ex-boyfriends or ex-girlfriends and ex-spouses.”
The former Uber employee told the Center for Investigative Reporting (CIR) that singer Beyoncé was among those whose activities were monitored.
Concerns about privacy have been swirling around Uber for some time. Buzzfeed revealed in 2014 that the company has a tool called “God View” that shows the locations of cars and riders. The news site discovered this when a New York Uber exec tracked a Buzzfeed reporter ahead of their meeting for an interview.
“God View” is available to Uber employees, but not Uber drivers, who are technically contractors.
In the wake of those revelations, Uber said it took steps to tighten security. But five former Uber security employees told CIR that little changed after that announcement. Thousands of Uber employees have access to customer data.
Uber headquarters on August 26, 2016 in San Francisco, California. (Photo: Justin Sullivan/Getty Images)
“When I was at the company, you could stalk an ex or look up anyone’s ride with the flimsiest of justifications,” Micheal Sierchio, a former Uber security engineer, told CIR. “It didn’t require anyone’s approval.”
Uber’s privacy statement lists off numerous ways that Uber collects its customers’ data, including payment and location information, the type of phone used to hail the car, and even the names and numbers in your phone’s contact list, if you give the app permission to access that data.
In a statement to media, Uber said it is increasing its spending on security issues.
“We have hundreds of security and privacy experts working around the clock to protect our data,” the company said, adding it's enforcing rules that state access to customer data is for the purposes of job responsibilities only.
“All potential violations are quickly and thoroughly investigated,” Uber said.