A former employee of ride-sharing company Lyft has claimed that company staffers used a program to view the personal details and drop-off coordinates of Lyft passengers.

TechCrunch reports that a former Lyft employee has revealed a number of details about the company, including information on how the company spies on its passengers. According to the former staffer, a company backend that was open to a large number of employees at Lyft allowed them to see intricate details of their drivers' travel patterns and personal details. The former employee said that they could “see pretty much everything including feedback, and yes, pick up and drop off coordinates.”

When asked if this system was abused by staffers on a regular basis, the former employee replied, “Hell yes. I definitely looked at my friends’ rider history and looked at what drivers said about them. I never got in trouble.” This was confirmed by another former employee on the private company discussion app Blind, who corroborated claims that access to users' personal data was widespread and regularly abused.

Access to the backend was apparently logged and certain actions were flagged, such as repeatedly searching the details of a single Lyft user, but rules were so rarely enforced that many paid no attention to them. Lyft explained to TechCrunch why its employees may need access to this information as part of their daily work: according to Lyft, members of teams in data analytics, engineering, customer support, insurance and the trust and safety team use this backend on a daily basis. The company also stated that there had been enforcement of the rules in the past and that it is currently investigating abuse of the system:

“Maintaining the trust of passengers and drivers is fundamental to Lyft. The specific allegations in this post would be a violation of Lyft’s policies and a cause for termination, and have not been raised with our Legal or Executive teams. We are conducting an investigation into the matter. Access to data is restricted to certain teams that need it to do their jobs. For those teams, each query is logged and attributed to a specific individual. We require employees to be trained in our data privacy practices and responsible use policy, which categorically prohibit accessing and using customer data for reasons other than those required by their specific role at the company. Employees are required to sign confidentiality and responsible use agreements that bar them from accessing, using, or disclosing customer data outside the confines of their job responsibilities.”

Details of Lyft’s user monitoring system are quite similar to Uber’s “God View” program that was revealed in 2014. This program let Uber staffers see in-depth details about riders and their trips and ultimately led to an investigation by the New York Attorney General’s office. The Attorney General eventually struck a deal with Uber requiring the company to limit the use of the program to certain employees and to enable multi-factor authentication to access the program.