What Is Uber Keeping Quiet About? Sexual Assaults and a Data Breach for Starters

In an ideal world, companies would offer transparency to employees and the public, with everything being on the up and up. However, that is not always the case, which is why Terry Harman, an assistant district attorney for Santa Clara County in California, sent out a memo in February. The memo sent to Harman’s boss discussed her concerns over sexual assaults on Uber rides, which their office rarely sees coming across their desks. In fact, despite seeing hundreds of such cases each year, there was only one that involved an Uber driver.

While that might not sound concerning, she estimates riders in the county reported up to 60 sexual assault incidents to Uber in 2017 and 2018. Those estimates are based on data released by the company in its “safety transparency report” released in 2019. The report stated that Uber received nearly 6,000 reports of sexual assault on rides in 2017 and 2018, with over 1,240 complaints made in California.

But Uber handles these reports on its own, receiving, investigating, and handling any findings privately. According to Harman, “Uber has essentially carved out its own justice system.”

Local officials, including Harman and the mayor of San Jose, have appealed to Uber in hopes of having them report cases to the authorities, but the company declined to do so. According to Uber, the victims should control the disclosure of their experiences.

However, Uber clearly knows it has a problem since it shares data with Lyft about dangerous drivers.

The problem is not silent, either. While the cases are not reported to the authorities by Uber, lawsuits are being brought against the company with claims that it does not properly protect riders. There have been around 40 women who have filed such lawsuits since September 2021.

But this is not the first time the company has come under fire due to sexual assaults on Uber rides. In 2019, the California Public Utilities Commission went after the company for detailed information on such cases. However, Uber did not comply, and the state fined them $59 million. The case was later settled for $9 million.

Uber is quite adamant in its stance, but officials are still putting on pressure, hoping that the company takes steps to do more. At the very least, they want the company to explicitly explain the fact that they do not report sexual assault cases to the police to victims and that the victims must do so if they want an official investigation and potential prosecution.

But sexual assault is not the only news popping up around Uber at the moment. A jury just found Joe Sullivan, the former Uber security chief, guilty on two different counts after he failed to disclose a breach of customer and driver records.

The hack occurred in 2016 while the Federal Trade Commission was investigating a previous breach. At the time, Sullivan learned of another breach, which involved a hacker and his accomplice downloading personal information associated with 57 million riders and drivers. The hackers proceeded to extort $100,000 from him.

Sullivan paid the hackers and had them sign a nondisclosure, doing so under the guise of Uber’s bug bounty program, where “white hat” hackers receive compensation for reporting vulnerabilities.

However, the incident was not reported at the time, with prosecutors alleging it was to prevent the FTC investigation from being extended and hurting his reputation. Sullivan’s deliberate acts to keep others from finding out were also deliberate acts of withholding and concealing information.

Sullivan and those involved have since been fired from Uber.