cover-ups – Page 3 – Uber Scandals

August 15, 2017August 15, 2017

Driver names and license numbers improperly secured

In September 2014, Uber experienced a data breach resulting from an Uber engineer posting an access code which let an unauthorized third party accessed driver names and driver license numbers. Uber failed to notify affected drivers or the state of New York for seven months.

The New York Attorney General described the breach and Uber’s handling of the situation:

The Attorney General found that in early 2014 an Uber engineer posted an access ID for Uber’s third-party cloud storage on Github.com, a website designed to allow software engineers to collaborate. The post was accessible to the general public. On May 12, 2014, someone unaffiliated with Uber accessed the database that included Uber driver names and driver license numbers. Uber discovered the breach in September 2014 but did not provide notice to the affected drivers and Schneiderman’s office until February 26, 2015. General Business Law § 899-aa requires notice be provided to affected individuals and various government agencies including Schneiderman’s office “in the most expedient time possible and without unreasonable delay.”

As part of a settlement with the New York Attorney General’s office, Uber promised to implement multi-factor authentication for any employee could to access especially sensitive rider personal information, among other improved data security practices. Uber also paid a $20,000 penalty for failing to timely notify drivers and the State of New York.

A subsequent FTC investigation and settlement found that more than 100,000 drivers were affected. The FTC reported that in addition to 100,000+ names and driver’s license numbers, Uber also revealed 215 names and bank account numbers with routing numbers, and 84 names and security numbers. Furthermore, the FTC found that Uber’s efforts to notify affected drivers were piecemeal and incomplete: The company initially notified less than half of the drivers affected, whereas others were notified some 16+ months later.

August 14, 2017August 14, 2017

When Uber driver stole passenger’s bag, Uber falsely told police that the trip did not occur

Uber passenger Dane Wilcox reports the saga of a ride in an Uber in Boston. He told the driver he was leaving a bag in the passenger compartment as he unloaded luggage from the trunk — but then the driver drove off. When the driver didn’t return his calls or voicemails, he sought assistance from Uber and ended up filing a small claims lawsuit against Uber.

Meanwhile, in response to Wilcox’s police report, an officer tried to investigate, but Uber falsely told the investigating detective that the driver at issue had not worked for Uber for two years, and that the company had no record of the ride — both provably false. Based on these false statements which impeded the investigation, the small claims court awarded Wilcox the full $4000 he sought.

London police: Uber failed to report driver attacks

The Guardian reported a letter from the London Metropolitan Police’s taxi and private hire team, complaining that Uber failed to timely report drivers attacking passengers. “Had Uber notified police after the first offence, it would be right to assume that the second would have been prevented,” the letter explained. The letter said that Uber failed to report sexual assaults as well as an incident in which a driver “produced what was thought to be pepper spray during a road rage argument.”

August 7, 2017October 13, 2017

Knowingly leased recalled vehicles to drivers in Singapore

Uber knowingly leased recalled vehicles to its drivers in Singapore. A Wall Street Journal report (paid subscription required) describes a driver whose vehicle caught fire, due to the problem fixed by the recall, just after a passenger got out. WSJ explains:

News of the fire rippled through Uber’s Singapore office after its insurance provider said it wouldn’t cover the damage because of the known recall, emails show. Word reached Uber’s San Francisco executives two days later, emails show.

Uber’s lawyers in Singapore began assessing the legal liability, including possibly violating driver contracts for supplying faulty cars and failing to immediately inform the Land Transport Authority about the defective cars, emails show. “There is clearly a large safety/responsible actor/brand integrity/PR issue” for Uber, an internal report read.

Additional coverage from TechCrunch.

June 20, 2017June 20, 2017

Deleted files subject to litigation holds

Former Uber employee Samuel Spangenberg alleged that Uber routinely deleted files which were subject to litigation holds (a required legal procedure designed to preserve documents relevant to pending litigation).

June 20, 2017June 20, 2017

Obstructed government raids

Former Uber employee Samuel Spangenberg alleged that when regulators raided local Uber offices, Uber’s standard response included severing all network connections so that law enforcement could not access documents stored on Uber servers outside the premises.

June 20, 2017June 20, 2017

City managers told drivers to disguise themselves to avoid enforcement by MIA airport police

In response to enforcement by airport police at Miami International Airport, Uber’s Miami city managers advised drivers to conceal themselves from airport police:

This is an important message from Uber Miami for our valued partners in South Florida about serving South Florida airports, including Miami International Airport. There have been some instances of partners receiving tickets for picking up or dropping off Uber riders at the airport.
While we continue our discussions with authorities on ways to develop a long-term solution, here are a few things you can do to make the pickup and drop off experience more enjoyable for both you and the rider:
– Keep your Uber phone off your windshield – put it down in your cupholder
– Ask the rider if they would sit up front
– Use the lanes farthest from the terminal curbside for pickup and drop off

June 14, 2017March 12, 2018

Escort bar visit cover-up

Uber employees visited a South Korean escort bar.

When one member of the party later complained, Uber SVP of Business Emil Michael contacted Gabi Holzwarth (who had been dating Kalanick at the time) — asking that she tell anyone who asked that it was just karaoke. She refused, taking his request for a cover-up as impetus to discuss the incident publicly.

Details from The Verge.

June 14, 2017July 16, 2017

Underpaid New York drivers

By retaining commissions 2.6% beyond the amount specified in the applicable contract, Uber underpaid drivers in New York. Jim Conigliaro, founder of the Independent Drivers’ Guild, called Uber’s actions “theft.” Engadget reported that the amount averaged $900 per driver, yielding a total overcharge of more than $40 million.

2015 contract revisions indicate that Uber knew it was wrongly taking commission on gross fares, thereby overcharging drivers, though the company denied that allegation.

June 14, 2017August 25, 2017

Ignored employee reports of sexual harassment

Former Uber software engineer Susan Fowler posted a 4,000+ word report of her experience reporting sexual harassment at Uber. Among other problems, she reported multiple senior managers failing to take action on the problems she reported — and retaining the employees who engaged in misconduct.