Uber has agreed to pay a fine and adopt more stringent privacy practices as part of its settlement with the New York Attorney General's office, according to BuzzFeed News. If you recall, the Attorney General's investigation was triggered by BuzzFeed reporter Johana Bhuiyan's interaction with Uber's New York general manager Josh Mohrer in 2014. Bhuiyan said Mohrer admitted to tracking her Uber ride and event sent her logs of her trips, which were collected without her express permission. During the course of her investigation, former employees revealed that Uber's corporate employees can all access those information using the company's "God View" app.
The probe eventually started looking into a data breach that compromised its drivers' personal info, as well. According to the settlement documents BuzzFeed obtained, one of Uber's engineers posted an access key to the third-party cloud service the company uses on GitHub. The San Francisco startup discovered the data breach in September 2014 when a competitor's ex-employees divulged that they had access to an Uber security key. However, the issue was only reported to authorities on February 26th, 2015. Since companies are required to report data breaches "in the most expedient time possible and without unreasonable delay," Uber has been ordered to pay a relatively tiny $20,000 fine.
To settle the God View app issue itself, the company has limited its access to employees that have legitimate purposes. It has also purged riders' identifiable details from its system, according to the settlement docs. Finally, it has promised to tell the Attorney General's office if it ever starts collecting GPS information from mobile devices even when the app isn't open.
[Image credit: Justin Chin/Bloomberg via Getty Images]