The probe began after an executive made comments suggesting the company could tap into its data to track the whereabouts of specific riders. In addition, Uber later disclosed a 2014 breach of its computer systems that exposed the information of 50,000 drivers on the service.
A spokesperson for Uber said the company had adopted all of the privacy measures requested by the attorney general prior to reaching the settlement. They included a privacy audit and limiting employee access to the location and other personal information of riders.
The settlement ensures Uber will be legally bound to take specific steps to protect user data, including encrypting GPS-based location information and authenticating any employee who must access that data for a business purpose.
In the settlement, the company admitted that it failed to notify drivers whose names and drivers-license numbers were taken in a security breach until more than five months after Uber discovered the incident. The breach happened in May 2014 and was discovered by Uber in September 2014. Uber did not disclose the breach to drivers or the public until February 2015.
The breach affected drivers in many states, but so far, New York is the only one known to have investigated Uber’s handling of the breach.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now