Uber was ordered to pay a fine of $20,000 as settlement amount over a data breach which took place in 2014. The investigation started in November the same year and it initially concentrated on “God View”, a real time tracking system. The system utilized personal information for identifying riders.
Eric Schneiderman, the Attorney General of New York, ended the 14 month lengthy probe into the company's data protection practices. The fine is only for the breach of data. However the settlement also takes into account rider privacy. This is important as Uber is similar to a taxi service with one twist: the company helps people to book their rides via an app with any car owner who has signed a contract with Uber.
Uber, in this settlement, has consented to pay the $20,000 penalty for its failure when it came to report any unauthorized third party access to the personal information of drivers in time. The taxi company has consented to adopt tougher security and privacy practices. The list of such practices include encryption of geo-location data and password protection of both Uber drivers and riders. The information should be kept under restricted access and open only to designated employees with valid business purposes. Multi-factor authentication and a number of other protective technologies must also be added to secure any personal information.
Uber, in 2014, had discovered that a security breach had led to the exposure of data concerning 50,000 drivers all over the United States. Sensitive data was part of a proprietary tracking “God View” system. The ruling put to end the God View access once available to large number of employees. It told the location of the Uber cars. This factor came to light when Josh Mohrer, general manager of the company's New York unit. Told a journalist of him tracking the Uber ride. He also told her that he had accessed ride history logs even though she had not provided her permission. This situation led to Uber's security policies being investigated.
Uber has already confirmed that it has removed every personal identifiable information related to its riders from the system which offers the aerial view of vehicles active in city. The company has also pit in a restricted access for its employees when it came to querying data on passengers. It has also begun to audit the employee access to the personally identifiable information.