Can you trust Uber with your data?

Why is Uber in trouble with the Australian government?

In 2017 it was discovered that hackers had stolen data from 57 million Uber customers around the world. 1.2 millions of these users were Australian citizens.

Hackers used employees’ usernames and passwords from previous breaches to access their GitHub repository. This allowed them to reach the account records of users and drivers. Uber paid a ransom of $100,000 to hackers, on the condition that they delete the stolen info. Moreover, Uber concealed the facts of the case and didn’t warn its users about the breach for almost a year.

Uber was fined over the incident back in 2018. Now, following further deliberations, the Australian Privacy Commissioner has issued a brutal condemnation of Uber’s shortcomings in the case. They’ve accused the company of failing to take proper preventative measures to protect the personal data of Australian citizens, and of breaching Australia’s Privacy Act of 1988.

In response, Uber stated that it had learned from its mistakes. Going forward, the company promised to improve its security, as well as creating a proper data retention and destruction policy.

What is Uber’s record on data privacy?

This wasn’t an isolated incident, sadly. Uber’s record is patchy when it comes to data management:

• Concerns have been raised on multiple occasions around the potential for Uber employees to monitor and track users without their consent. Between 2011 and 2014, particular issues surfaced involving “God View”, a feature that allowed employees without proper authorization to view the movements of celebrities and politicians who used Uber.
• Uber suffered a data breach back in 2015, in which names and license plate information from approximately 50,000 drivers were disclosed.
• Uber breached article 22 of GDPR by using algorithms to determine if certain employees could keep their jobs. Uber challenged the ruling, however, and the case was closed.

How can you protect your data?

The Australian case is nothing extraordinary; there have been many data breaches in the past. It just proves once again that large corporations don’t always protect your data.

The fact that the company is large and profitable doesn’t automatically mean that it undertakes proper security measures. So, instead of trusting others, make sure to protect yourself properly. Here are some tips:

• Minimize the amount of apps and services you use. Each of them introduces additional risks, especially if you hand your data off to them. So if you feel that a certain service is not really necessary for you, it’s best to avoid using it;
• Carefully review the permissions you give to the apps you use. Only enable the ones which are really necessary (if a fitness app or a phone game wants access to your contacts list, that’s a red flag);
• Use strong passwords and don’t recycle them. Using the same password for multiple accounts makes like a lot easier for the next hacker who targets you;
• Enable location tracking only when it is essential;
• If you aren’t happy with Uber handling your private data, you can delete Uber entirely, along with any other apps you don’t trust.