Uber has settled with federal regulators that accused the start-up of "deceptive privacy and data security claims."
More than 100,000 names and driver's license numbers were stolen in a 2014 data breach of Uber's database, operated by Amazon Web Services. The Federal Trade Commission said the company could have made low-cost attempts, like using multi-factor authentication, to prevent the breach.
Plus, the FTC said, the ride-hailing start-up stopped using an automated system for monitoring employee access to consumer data after less than a year.
"Uber failed consumers in two key ways: First by misrepresenting the extent to which it monitored its employees' access to personal information about users and drivers, and second by misrepresenting that it took reasonable steps to secure that data," Maureen Ohlhausen, acting chairman of the FTC, said in a statement. "This case shows that, even if you're a fast growing company, you can't leave consumers behind: you must honor your privacy and security promises."
Uber agreed to privacy audits for the next 20 years and will be implementing a new privacy program as part of the settlement.
"The complaint involved practices that date as far back as 2014. We've significantly strengthened our privacy and data security practices since then and will continue to invest heavily in these programs," an Uber spokeswoman said. (Uber's settlement states that it "neither admits nor denies" any of the allegations.)
This isn't the first time that Uber's faced scrutiny over its privacy practices. The company was fined $20,000 at the beginning of last year after a New York investigation into the company's "God view" tool.
The existence of the "God View" tool was reported by BuzzFeed's Johana Bhuiyan (now at Recode). Bhuiyan hailed an Uber on the way to meet with an Uber executive, and when she arrived, she said she was told that the executive had been "tracking her." Emil Michael, formerly one of the top executives at Uber, also suggested in 2014 that Uber executives could dig up information on journalists.
New York Attorney General Eric Schneiderman investigated the tool, which allowed executives to view to riders' locations in an aerial view. That settlement required Uber to encrypt rider locations, adopt multi-factor authentication.
The latest tussle with regulators comes at a tumultuous time for Uber, which is without a chief executive amid the fallout from a sexual harassment investigation within the company.