A former Uber employee is suing the company for age discrimination and whistleblower retaliation after exposing that Uber illegally deleted data showing it was tracking people.
“Uber’s lack of security regarding its customer data was resulting in Uber employees being able to track high profile politicians, celebrities, and even personal acquaintances of Uber employees, including ex-boyfriends/girlfriends, and ex-spouses,” Ward Spangenberg, who worked as a forensic investigator for the ride-sharing service, wrote in a court declaration.
One of the famous people who allegedly had their trip information searched for: Beyoncé.
Spangenberg, along with five former Uber security professionals, divulged the alleged incriminating details to Reveal from The Center for Investigative Reporting.
Uber was investigated in 2014 for a tool the company reportedly calls “God View,” which allows employees to follow customers in real time without their consent.
Bruce Schneier, a prominent security technologist, called the feature “creepy” in a CNN op-ed. (RELATED: Uber Forced To Pay Advocacy Group $2.38 Million For Not Picking Up Blind People)
While this news broke around two years ago, Spangenberg’s allegations go further, including systematic privacy encroachments and potentially illegal termination of certain data and employment.
“During my employment with Uber, I always took extreme caution to retain data which was the subject of any litigation holds. I never deleted any emails or crashplan logs, or any other information which belonged to Uber,” Spangenberg explained in the court filing. “In contrast, Uber routinely deleted files which were subject to litigation holds, which was another practice I objected to when reporting my concerns.”
The former employee alleges the company would remotely encrypt (or lock) its computers when foreign governments would raid offices for evading local regulations.
“I also reported that Uber lacked security regarding its storage of driver information, including social security numbers, which were available, again, to all Uber employees, without regard to any particular level of employment or security clearance,” the legal complaint continued.
Spangenberg, who is 45-years-old, says he was fired for protesting against these actions.
Michael Sierchio, senior security engineer at Uber from early 2015 until June of 2016, agrees with Spangenberg’s claims of poor privacy protections.
“When I was at the company, you could stalk an ex or look up anyone’s ride with the flimsiest of justifications,” Sierchio told Reveal News. “It didn’t require anyone’s approval.”
Uber vehemently disputes these contentions.
“We have hundreds of security and privacy experts working around the clock to protect our data,” Uber said in a statement. “This includes enforcing strict policies and technical controls to limit access to user data to authorized employees solely for purposes of their job responsibilities, and all potential violations are quickly and thoroughly investigated.”
Uber has been in hot water before for alleged privacy violations and apparent disregard for protecting data.
“On September 17, 2014, we discovered that one of our databases could potentially have been accessed by a third party. Our investigation revealed that a one-time unauthorized access to an Uber database by a third party had occurred on May 12, 2014,” Uber said in a statement following the breach of more than 100,000 of its drivers’ personal information.
Only a month later, a senior executive at Uber seemed to suggest that the company should contemplate hiring investigators to dig up dirt on its critics in the media, according to BuzzFeed News.
And only a few weeks ago, Uber was accused of tracking users’ locations before and after they enter the vehicle since the app is often running on the background of mobile devices.
Send tips to firstname.lastname@example.org.
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact email@example.com.