×

Uber to beef up security team in push to strengthen data safety

Uber, the ride-hailing service provider, is to significantly expand its security team as it seeks to soothe worries about data privacy, defend against hackers and even protect its offices and employees from physical attack.

The group, most recently valued at about $50bn, plans to end the year with more than 100 staff in its security team, an increase from about 25.

French taxi drivers burn tires as they protest against UberPOP in Marseille in June.
Anne-Christine Poujoulat | AFP | Getty Images
French taxi drivers burn tires as they protest against UberPOP in Marseille in June.

Joe Sullivan, a former federal prosecutor of cyber crime, was appointed as chief security officer in April, just months after Uber was criticised for how it handled data. In February, it said the personal information of about 50,000 Uber drivers had been accessed in a data breach by an unknown party.

Mr Sullivan was poached from Facebook, where he was chief security officer for five years. He and his team have responsibility for physical security, trust and safety including investigating incidents with drivers, as well as cyber security. The issues it handles are as disparate as vetting driver identities, to protecting staff attending court hearings about whether Uber can legally operate in certain jurisdictions.

"The thing I'm most excited about is we can use technology to improve all four areas [of responsibility] at the same time," said Mr Sullivan.

Uber employees might need protection as they could be "polarising figures in their communities", Mr Sullivan said. The company has faced battles with taxi drivers, including high-profile clashes on the streets of Paris, and governments, such as New York City Mayor Bill de Blasio's failed attempt to limit the number of Uber drivers last month.

Just last week, police raided Uber's Hong Kong office in an operation that led to the arrest of five drivers who are accused of driving without the required permits and insurance, according to local media.

Late last year, a company executive, Emil Michael, sparked controversy when he was quoted saying Uber should hire private investigators to launch smear campaigns against journalists critical of the group, accessing their profiles to discover information on their movements.

More from the Financial Times:

Mr Sullivan said Uber had already been working on securing data before he arrived, assessing who had access to customer data, for how long and for what purpose, to reduce the potential for abuse.

"Every company is a data company now, no one can be unsophisticated. The challenge is half the company needs access to customer data some of the time — it is not just customer support, it is marketing, engineers as they iterate, communications when they need to figure out what happened in an incident," he said.

To solve this problem, he said, access to data are monitored with random auditing that seeks to detect, for example, if someone on the city team in New York is looking up accounts in California, or if someone is trying to access accounts belonging to celebrities.