Back to Blog

Lyft and Uber Have More in Common Than Ride-Sharing: Data Leaks


Rideshare rivals Uber Technologies and Lyft appear to have more in common these days than just being the top contenders in today’s increasingly popular rideshare services industry. In the last year, both businesses have fallen victim to internal data leaks, resulting in the release of sensitive corporate documentation to public forums. Each leak contained information about projected and current revenue streams, as well as rather unflattering comments and opinions about the competitor's business model and reputation.

Lyft Investor Presentation Leaked

The latest leak in the world of ridesharing has hit current industry runner up Lyft. On March 12, 2015, a 40-page document that was prepared for the company's most recent $530 MM fundraising round was leaked to the public. The information originally intended for investors eyes only included:

  • recent & projected revenue

  • rideshare figures

  • marketing costs

  • other sensitive business data

According to Bloomberg, one of the most shocking elements released in the report is the amount of money Lyft is apparently willing to spend in an effort to gain on their number one competitor and market leader- Uber. With a significant amount of the company's revenue going toward marketing- $150 MM going to customers and another $50 MM towards new drivers- Lyft is clearly focused on growing the business, and it’s working.

SecureDocs Tip: While Lyft has successfully raised $530 MM in their latest series E funding round despite the presentation leak, they would be wise to implement a more secure method of sharing their confidential documents the next time around. Perhaps doing so would improve investor relations and even help them close the gap that currently exists between frontrunner Uber and themselves.

Uber Technologies Suffers Multiple Data Leaks

Over the past few years, Uber Technologies has had private information leaked time over time, giving cause for concern by many employees and customers about the company’s commitment to security and privacy- or rather lack thereof.

In November of 2013 TechCrunch reported that an Uber Technologies employee reportedly leaked a confidential image showing company financial information that communicated an expected $1B Gross and $213M Revenue stream for the company that year. The image was leaked directly from an internal administrative console.

The screen grab gave further detail into a 6 week time period that revealed the company made $22 Million in revenue during a one week period, more than 100,000 trips a week, and disclosed that San Francisco was the most active user location with 70,000 active users one week in December of 2013 according to Bloomberg.

Fast forward to May 13, 2014, just six months after the company's financial information was leaked, Uber suffered an additional breach. This time it wasn’t just financial figures that were compromised. Instead, it was the company employee’s information that was attacked. What was arguably more concerning than even the data breach itself was that the Uber was unaware of the attack until four months later! On September 17, 2015, the company finally discovered that an outside party had hacked personal information of 50,000 drivers and began to take steps to quell the situation.

SecureDocs Tip: Internal Data breaches, intentional or not, occur more often than originally thought. Companies can protect their confidential documents by using software with features like watermarking and audit logs.

Aftermath of Data Leaks

Uber and Lyft are both venture backed companies whose scalability depends on funding from investors. Their success depends on consumer interest. Ultimately both are dependent on trust. Trust that company operations are under control. Trust that any information that is meant to remain private does so. And trust that when something out of their control goes awry it will be handled in an efficient and appropriate manner.

After being repeatedly criticized for their lack of attention to privacy and security Uber, has taken steps to repair their reputation since the breaches of 2013 and 2014. In a statement released by Uber in January 2015, they acknowledged many of their shortcomings.

“While Uber is encouraged by these findings, we fully acknowledge that we haven’t always gotten it right.”

-Uber, January 2015 

They offered all employees whose information was compromised one year of identity theft protection and pledged to continue to improve and audit their company privacy and data security practices. Focusing on areas like transparency, internal access controls, vendor management and third-party disclosures, and data retention.

In the end Uber and Lyft are both privately held companies that do not “intentionally” disclose financial information to the public, nor are they required to. They are both growing at tremendous rates, and mistakes happen. However, with a multitude of tools out there that are readily available, and can be easily adopted and implemented to protect companies from these types of issues, why do these avoidable breaches still occur? You tell me! Please share your thoughts and comments below.

A CFO's definitive guide to document retention