Uber has agreed to pay a $20,000 penalty and overhaul privacy and security practices to settle the New York attorney general's investigation into a security breach and the ride-share service's so-called God View tracking program.
The company will encrypt GPS tracking information, regularly assess its privacy and security practices, and restrict access to sensitive information to designated employees, state Attorney General Eric Schneiderman's office said Wednesday.
βThis settlement protects the personal information of Uber riders from potential abuse by company executives and staff, including the real-time locations of riders in an Uber vehicle,β Schneiderman said in a statement.
Uber did not immediately respond to a request for comment.
The settlement stems from Schneiderman's investigation of two incidents. In September 2014, an Uber employee posted information about the company's cloud storage system to Github, a software collaboration site. With that information, an outside party not associated with Uber accessed driver information, including names and drivers' license numbers.
The attorney general's office said the $20,000 penalty comes from Uber failing to report the data breach until months later, in February 2015.
The settlement also concerned Uber's real-time GPS tracking program, called "God View." The program gave Uber employees easy access to real-time movements of Uber drivers and passengers, along with their personal identifying information.
The investigation began after BuzzFeed reporter Johana Bhuiyan said she had been tracked without her permission by Uberβs New York general manager Josh Mohrer.
"Mohrer met her as soon she stepped out of her vehicle, saying 'There you are. I was tracking you,'" Schneiderman's office said.
Also on HuffPost:
