WDY Blog - FTC

FTC: Uber Lied to Riders About Protecting Data

The U.S. Government is repeating itself: Uber lies. This time, it lied about protecting riders’ data.

(Last time it lied to drivers about how much they could earn).

The Federal Trade Commission alleges Uber lied to passengers and drivers when it said it was taking reasonable measures to protect their data security.

It wasn’t, says the government.


Specifically, according to the complaint, Uber said: “Uber has a strict policy prohibiting all employees at every level from accessing a rider or driver’s data. The only exception to this policy is for a limited set of legitimate business purposes.”

Nope, says the FTC. Uber developed an ineffective system incapable of handling ongoing review of data access. Then, Uber didn’t follow up on automated alerts concerning potential misuse of consumer info.

Get this: Uber only regularly monitored account info belonging to internal high-profile users—like Uber executives.


Again, per the complaint, Uber said to riders: “Your information will be stored safely and used only for purposes you’ve authorized. We use the most up to date technology and services to ensure that none of these are compromised.

Nope, said the FTC.

Uber failed to provide reasonable security. Here’s what it actually did. Any and all data engineers used a single (not distinct) access key with full administrative privileges. Which was then publicly posted on a code-sharing website. Which allowed an intruder to gain access to consumers’ (drivers’) personal info. Which wasn’t encrypted, but instead written in plain text.

Uber could have prevented this episode through “relatively low-cost measures,” per the complaint.

Here’s Uber’s queasiest lie in the complaint: “I understand that you do not feel comfortable sending your personal information via online. However, we’re extra vigilant in protecting all private and personal information.”

No. No. No.

The FTC didn’t fine Uber this time. Instead, the US Government will monitor Uber’s treatment of data for the next 20 years.

In other words, they didn’t deduct Uber’s allowance. They brought in a babysitter.

No Comments

Post a Comment