Lyft Investigating Anonymous Claim of Misused Customer Data

Lyft vehicle arrives at a promotional event on January 23, 2018 in Park City, Utah. Isaac Brekken/Getty Images

Ride-hailing company Lyft is investigating allegations that employees misused customer data, and potentially abused access to information like locations and phone numbers.

Lyft confirmed on Thursday that the company was looking into anonymous reports online that claimed Lyft engineers had the ability to track rides taken by specific people and pull contact information for any customer. Anonymous employees claimed that coworkers had tracked ex-partners and looked up rider ratings for high-profile executives. Lyft's legal and executive teams were not aware of the allegations, which were made by an unknown former or current employee online on Thursday.

The allegations were made on an app called Blind, which is used by former and current employees of companies to anonymously share information about a workplace.

In a posting on Blind, one Lyft employee said that coworkers were able to "check to see if their significant other actually went where they said, and stalk attractive people they've met" while using Lyft's ride-sharing service, Lyft Line, according to The Information.

"I've heard at least one employee brag about having Zuck's phone number from using our data," the person said, referring to Facebook CEO Mark Zuckerberg. "Another employee has bragged about collecting the info of Hollywood actresses and porn stars."

The misuse of private data is a fireable offense at Lyft. The company's system tracks look-ups, logging the names of employees who have looked at customer's information, to prevent unauthorized access.

"The specific allegations in this post would be a violation of Lyft's policies and a cause for termination, and have not been raised with our Legal or Executive teams," said a Lyft spokesperson in a statement to Newsweek. "We are conducting an investigation into the matter."

"Access to data is restricted to certain teams that need it to do their jobs. For those teams, each query is logged and attributed to a specific individual. We require employees to be trained in our data privacy practices and responsible use policy, which categorically prohibit accessing and using customer data for reasons other than those required by their specific role at the company."