Uber and New York Attorney General Eric Schneiderman today settled a 14-month investigation into the ride-sharing company's privacy practices.

The AG's office in November 2014 opened an investigation into Uber's tracking tools, including "God View"an aerial map of riders' locations.

Separately, Uber in February notified the AG that as early as May 2014, the company experienced a data breach, in which driver names and license numbers were accessed by an unauthorized third party. The database intrusion impacted approximately 50,000 drivers across multiple states.

Today's settlement, which resolves both investigations, requires Uber to pay a $20,000 penalty for failure to provide timely notice to drivers and Schneiderman's office regarding the data breach. Moving forward, the ride-sharing service must also encrypt geo-location information and adopt multi-factor authentication, among other data security practices.

"This settlement protects the personal information of Uber riders from potential abuse by company executives and staff, including the real-time locations of riders in an Uber vehicle," Schneiderman said in a statement.

Uber's operations team maintains an aerial view of the real-time movements of its cars, to assist with tasks like balancing supply and demandwhich does not require the names and personal details of passengers.

The company opened its own investigation into New York-based General Manager Josh Mohrer in November, after BuzzFeed reporter Johana Bhuiyan accused Mohrer of using "God View" to follow her Uber car without permission. In the end, Uber took "disciplinary actions" for Mohrer's violation of company privacy policies.

Schneiderman has turned this settlement into a cautionary tale.

"I strongly encourage all technology companies to regularly review and amend their own policies and procedures to better protect their customers' and employees' private information," he said.

Further Reading

Mobile App Reviews