Support Skift’s Independent JournalismMake a Contribution Now
Ride service Lyft on Thursday asked a U.S. judge to prevent its biggest rival, Uber, from making further demands for confidential information, as part of a case about a data breach that affected as many as 50,000 Uber drivers.
In court documents filed in the litigation, Lyft called Uber’s data request an attempt “to conduct its own witch-hunt” and “to dig into its competitor’s internal, confidential and trade-secret information.”
Uber filed a civil lawsuit in San Francisco federal court early last year in an attempt to unmask the perpetrator behind a May 2014 hack, which resulted in as many as 50,000 of its drivers’ names and their license numbers being improperly downloaded.
The Lyft filings on Thursday came in a related class action lawsuit over the breach that was brought by an Uber driver. They mark the startup’s first public entry into the litigation over Uber’s data breach.
Uber is seeking information about the breach from a Lyft employee, according to the Lyft court filings.
Two sources told Reuters in October that a Comcast IP address had access to a security key that was used in the breach. The Comcast IP address was assigned to Lyft’s technology chief, Chris Lambert.
That IP address, however, was not the one that committed the breach. Lyft has said it has found no evidence that any of its employees were involved.
The Lyft employee Uber has subpoenaed over the breach has never been publicly named in court documents.
Uber has demanded a wide array of information from the Lyft employee, including communications the person had with any Uber drivers and passengers, web browsing activity around the time of the hack, and documents related to “any scraped, crawled, spidered, copied, downloaded or otherwise accessed from Uber’s computers, servers, or services.”
Lyft alleged on Thursday that Uber is using the litigation to collect “confidential and sensitive Lyft information” and said its requests are “abusive and harassing.”
Uber did not immediately respond to Reuters’ request for comment late Thursday. In court documents, Uber said, “We are not currently seeking anything under the custody or control of Lyft.”
Uber in 2014 discovered that someone downloaded its driver database, which should have been accessible only with a digital security key. A search for that key turned up a copy on the code-development site GitHub, where it had been left by mistake.
(Editing by Sandra Maler and Leslie Adler)