Nov 19, 2014 · 2 minutes

The scandal over Uber's threats to target the personal lives of journalists continues to grow. Following Buzzfeed's initial report that a senior Uber exec had described a $1m campaign to smear and discredit Pando's Sarah Lacy, more journalists have spoken out about threats by the company.

San Francisco Magazine Senior Editor Ellen Cushing revealed earlier today that sources had warned her that Uber execs might try to use her rider account data to attack her. That thread is supported by this paragraph in Buzzfeed's report:

"The general manager of Uber NYC accessed the profile of a BuzzFeed News reporter, Johana Bhuiyan, to make points in the course of a discussion of Uber policies. At no point in the email exchanges did she give him permission to do so."
As David Holmes reported earlier, that NY general manager, Josh Mohrer, is showing very little remorse. Earlier he tweeted a photo of Uber NY staff dancing to Taylor Swift's "Shake It Off," with the caption "#Hatersgonnahate."


Still, the company has clearly realized that other people do care that Uber is accessing passenger data in order to smear or unnerve them. Earlier today, Uber published a new data protection statement on their company blog:

We wanted to take a moment to make very clear our policy on data privacy, which is fundamental to our commitment to both riders and drivers. Uber has a strict policy prohibiting all employees at every level from accessing a rider or driver’s data. The only exception to this policy is for a limited set of legitimate business purposes. Our policy has been communicated to all employees and contractors.

Examples of legitimate business purposes for select members of the team include:

  • Supporting riders and drivers in order to solve problems brought to their attention by the Uber community.

  • Facilitating payment transactions for drivers.

  • Monitoring driver and rider accounts for fraudulent activity, including terminating fake accounts and following up on stolen credit card reports.

  • Reviewing specific rider or driver accounts in order to troubleshoot bugs.

The policy is also clear that access to rider and driver accounts is being closely monitored and audited by data security specialists on an ongoing basis, and any violations of the policy will result in disciplinary action, including the possibility of termination and legal action.

Uber’s business depends on the trust of the riders and drivers that use our technology and platform. The trip history of our riders is confidential information, and Uber protects this data from internal and external unauthorized access. As the company continues to grow, we will continue to be transparent about our policy and ensure that it is properly understood by our employees.