The rivalry between ride-sharing companies Uber and Lyft continues, as Uber probes further into the identity of the hacker responsible for the company’s driver data breach.
In February, Uber announced that a hacker improperly downloaded the names and license numbers of about 50,000 of the company’s drivers. Shortly after announcing the breach, Uber filed a “John Doe” suit in federal court in San Francisco, alleging that the unknown hacker violated provisions of the federal Computer Fraud and Abuse Act. Uber then filed a subpoena request for Comcast’s records, claiming that an unidentified individual using a Comcast IP address had access to the security key that was used in the data breach. U.S. Magistrate Judge Laurel Beeler granted Uber’s subpoena request for Comcast’s records, reasoning that the records would be “reasonably likely” to help find the responsible hacker.
While Uber does not claim a direct connection between the Comcast address and the hacker, the company says that the address is associated with someone who has been “scraping driver data” from the Uber website. Uber has not made any specific accusations against Lyft, but sources say that the Comcast address belongs to Lyft’s Chief Technology Officer Chris Lambert. Lyft denied any involvement with the Uber data breach, and emphasized that the security key associated with the breach was available for months on code development platform GitHub.
Attorneys for the unnamed Comcast subscriber, from Bay Area law firm Boersch Shapiro LLP, have appealed Judge Beeler’s subpoena order to the 9th Circuit Court of Appeals. The subscriber’s attorneys say that Uber has improperly targeted their client when the security key was available to many others. Perkins Coie is representing Uber in this matter.
Outside of the courtroom, Uber and Lyft continue to engage in fierce competition to attract drivers. Last week, Lyft invited drivers to an event announcing new driver perks, including gas and rental car discounts. Shortly after Lyft’s invitation went out, Uber sent out an invitation for an event at the same time, promising $300 and free lunch for any driver that brought a friend to sign-up as a driver.
While it seems unlikely that either Uber or Lyft will stop its aggressive tactics any time soon, the two companies may be able to find common ground in another legal battle. Both companies are facing lawsuits from drivers who want to be classified as “employees” rather than “contractors.” As these driver suits mount, Uber and Lyft may see some benefit in joining forces.
Uber Investigates Connection between Data Breach and Lyft CTO (PDF)