cancel
Showing results for 
Search instead for 
Did you mean: 
jocelynfleur
Routine Member - Level 1

Uber for Business - Warning - Breach of Privacy

My company has no formal business arrangement with Uber for Business but somehow they have sent out a communication to all of our Concur users (2000 users) asking them to join our company account. How did this happen without any authorization from our company to actually set up a business account with Uber and how does  SAP Concur allow its partners to have this level of access.

We were considering using Uber for Business but this is not off to a good start.

I am sure you can understand that if we are going to commence using new technology in our business that we would like to do a staged implementation and provide advance warning to our users.

 

13 REPLIES 13
RichardG
Routine Member - Level 3

Hi Jocelyn,

Are you saying that you have not formally arranged to have have Uber for Business set up for your employees?  U4B is a trusted enterprize partner of SAP Concur which means they have had to pass a certain level of data security standards required by SAP Concur.  The U4B product requires access to your Concur employee profiles, so that they can send the ride details to the employees report with receipt attached after each ride.  They should have also told you that they use these profiles to send 3 emails to these profiles over 45 days encouraging user uptake.  Day 1 the invite and how to download the U4B app, day 7 - a follow up reminder and day 45 - a final reminder.  This should have been explained to you by the U4B rep to allow you to set up your internal communication and processes accordingly.

If as you say you have not entered into an arrangement with them, this is certainly a concern that they have done this.

 

Kind regards

Richard Grigg
Assistant Director, Business Services
Australian Bureau of Statistics
tjbmoreno
Routine Member - Level 2

That is a concern.  Our company did enter into an agreement with Uber, but they didn't have automatic access to our email list.  We had to give it to them.  Since you are working with them toward a formalized agreement, I would recommend speaking with your sales rep to find out how they gained access to your list and why they contacted your employees without your prior approval.  Is it at all possible that the email received by your employees is not actually from Uber?  Perhaps your system was hacked and the email is from an unscrupulous entity?

Terri Moreno
Looking for new opportunities!
Anaren, Inc. - Travel Manager - Syracuse, NY
jocelynfleur
Routine Member - Level 1

Hi

Thank you for your input.

At Concur Fusion I talked to Uber about their offering and was very excited to set up a business account because there are multiple benefits to the user and to the company.

I was in discussions to enter an agreement but we hadn't finalized anything. We are extremely concerned and would like an answer from Concur as to how our data was shared with a third party. I am still trying to get answers from Concur as to why this happened.

tjbmoreno
Routine Member - Level 2

As I recall, when we "signed" with them, it was actually just a matter of going onto their Portal and clicking here and there a few times.  Not to trivialize it, but is there any chance you went on the portal and accidentally signed up?

Terri Moreno
Looking for new opportunities!
Anaren, Inc. - Travel Manager - Syracuse, NY
RichardG
Routine Member - Level 3

We were the same @tjbmoreno - there was nothing "formal" because they were an App Centre partner. What does the first email instruct your staff to do? It usually contains instructions on how to set up your organisation's U4B profile. I would contact your U4B rep to clarify your status with them.

Kind regards
Richard Grigg
Assistant Director, Business Services
Australian Bureau of Statistics
jocelynfleur
Routine Member - Level 1

Hi Richard

Thank you for providing so much information. Yes that is the issue, I have only ever had conversations with the contact at Uber. We never agreed to set anything up. I am not how it is good idea to have a user that unknowlingly turns something on that is then company wide and communications then go out. We have very specific channels for corporate comms and this has been a disaster.

 

jocelynfleur
Routine Member - Level 1

Yes that is what happened. A user accidentally signed up however it should not result in a mass communication being sent to 10 different group companies that have absolutely no connection asking them to join Uber. As far as we are concerned Concur has a lot of explaining to do as to how our data has been shared with a third party that we don't have any formal arrangement with. It is a serious breach of a client's information.

rkelley
SAP Concur, Former Employee

Hi Jocelyn - Agree, that shouldn’t have happened. I can assure you we at SAP Concur respect the privacy of our customers and their employees and require our business partners to adhere to our data security and privacy standards. I have alerted Uber and will update you when I have more information. When a company signs up for an Uber for Business account they do have the option to synchronize the onboarding message to their employees. But if that option wasn’t selected by the Concur admin within your organization, then further investigation is needed. Thanks for alerting us -- I’m looking into it and will contact you directly. In the meantime, I’d be happy to connect you with Uber technical support as well.

jocelynfleur
Routine Member - Level 1

Hi

Thank you for responding. I look forward to discussing this issue with you at your earliest convenience as we are not confident that our data is secure and would like to know how it was released to a third party. I raised a ticket on this yesterday.

RichardG
Routine Member - Level 3

We were definitely made aware of the data synchronization by U4B and agreed for it to be done. U4B either syncs all users or none at all, so I'd also like to know how the conversation between that user and U4B went too.

Kind regards
Richard Grigg
Assistant Director, Business Services
Australian Bureau of Statistics
jocelynfleur
Routine Member - Level 1

Hi Richard,

I will definitely keep you posted but sadly still no explanation from Concur or Uber.

RichardG
Routine Member - Level 3

Thanks Jocelyn - I am very interested in how this occurred.

Kind regards
Richard Grigg
Assistant Director, Business Services
Australian Bureau of Statistics
jocelynfleur
Routine Member - Level 1

You and me both. I need a response for our leadership.