Uber To Settle With N.Y. Attorney General Over ‘God View’ Privacy Breach

January 7, 2016, 2:07 AM UTC
Uber At $40 Billion Valuation Would Eclipse Twitter And Hertz
The Uber Technologies Inc. logo is displayed on the window of a vehicle after dropping off a passenger at Ronald Reagan National Airport (DCA) in Washington, D.C., U.S., on Wednesday, Nov. 26, 2014. Uber Technologies Inc. investors are betting the five-year-old car-booking app is more valuable than Twitter Inc. and Hertz Global Holdings Inc. Photographer: Andrew Harrer/Bloomberg via Getty Images
Photograph by Andrew Harrer — Bloomberg via Getty Images

After a 14-month long investigation, New York Attorney General Eric Schneiderman is expected to announce on Thursday a settlement involving ride-hailing app Uber’s privacy practices, according to a report from BuzzFeed.

The inquiry began after a series of BuzzFeed reports that revealed that Uber’s New York manager, Josh Mohrer, had accessed information about reporters’ use of the service without their permission, including through the company’s “God View” tool. The tool shows an aerial view of all passengers and drivers in a particular area.

SIGN UP: Get Data Sheet, Fortune’s daily newsletter about the business of technology.

Around the time of of the Uber dust-up, rival Lyft also updated its privacy policy and practices following a report from Re/code that a Lyft executive had accessed one of its own journalists’ data.

As part of the settlement, Uber will pay $20,000 in fines for failing to report unauthorized third-party access to drivers’ personal information until months after discovering it. This is related to a data breach that occurred in May 2014, after an Uber engineer unknowingly posted online login information for a private database containing driver information. Uber discovered this a few months later, in September, when a former employee from a competitor revealed the problem, according to the report.

WATCH: For more on Uber’s data breach, watch this Fortune video:

As part of the planned settlement, Uber has also agreed to make changes to its privacy and security practices, according to Buzzfeed. This would include password-protection and encryption for the location data of passengers and drivers, limiting employee access to the data, and adding more security tools to protect personal information. As BuzzFeed notes, much of Uber’s new policy on accessing passenger data was included in an update to the company’s privacy policy issued a day after reports of an Uber executive’s comments about doing research on journalists.

Uber also agreed to notify the Attorney General’s office if it begins to collect GPS data from customers’ smartphones when they’re not using the app, something the company claims it doesn’t do, according to BuzzFeed.

Subscribe to Well Adjusted, our newsletter full of simple strategies to work smarter and live better, from the Fortune Well team. Sign up today.

Read More

Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward