My company has no formal business arrangement with Uber for Business but somehow they have sent out a communication to all of our Concur users (2000 users) asking them to join our company account. How did this happen without any authorization from our company to actually set up a business account with Uber and how does SAP Concur allow its partners to have this level of access.
We were considering using Uber for Business but this is not off to a good start.
I am sure you can understand that if we are going to commence using new technology in our business that we would like to do a staged implementation and provide advance warning to our users.
Are you saying that you have not formally arranged to have have Uber for Business set up for your employees? U4B is a trusted enterprize partner of SAP Concur which means they have had to pass a certain level of data security standards required by SAP Concur. The U4B product requires access to your Concur employee profiles, so that they can send the ride details to the employees report with receipt attached after each ride. They should have also told you that they use these profiles to send 3 emails to these profiles over 45 days encouraging user uptake. Day 1 the invite and how to download the U4B app, day 7 - a follow up reminder and day 45 - a final reminder. This should have been explained to you by the U4B rep to allow you to set up your internal communication and processes accordingly.
If as you say you have not entered into an arrangement with them, this is certainly a concern that they have done this.
That is a concern. Our company did enter into an agreement with Uber, but they didn't have automatic access to our email list. We had to give it to them. Since you are working with them toward a formalized agreement, I would recommend speaking with your sales rep to find out how they gained access to your list and why they contacted your employees without your prior approval. Is it at all possible that the email received by your employees is not actually from Uber? Perhaps your system was hacked and the email is from an unscrupulous entity?
Thank you for your input.
At Concur Fusion I talked to Uber about their offering and was very excited to set up a business account because there are multiple benefits to the user and to the company.
I was in discussions to enter an agreement but we hadn't finalized anything. We are extremely concerned and would like an answer from Concur as to how our data was shared with a third party. I am still trying to get answers from Concur as to why this happened.
As I recall, when we "signed" with them, it was actually just a matter of going onto their Portal and clicking here and there a few times. Not to trivialize it, but is there any chance you went on the portal and accidentally signed up?
Yes that is what happened. A user accidentally signed up however it should not result in a mass communication being sent to 10 different group companies that have absolutely no connection asking them to join Uber. As far as we are concerned Concur has a lot of explaining to do as to how our data has been shared with a third party that we don't have any formal arrangement with. It is a serious breach of a client's information.
Thank you for providing so much information. Yes that is the issue, I have only ever had conversations with the contact at Uber. We never agreed to set anything up. I am not how it is good idea to have a user that unknowlingly turns something on that is then company wide and communications then go out. We have very specific channels for corporate comms and this has been a disaster.
Hi Jocelyn - Agree, that shouldn’t have happened. I can assure you we at SAP Concur respect the privacy of our customers and their employees and require our business partners to adhere to our data security and privacy standards. I have alerted Uber and will update you when I have more information. When a company signs up for an Uber for Business account they do have the option to synchronize the onboarding message to their employees. But if that option wasn’t selected by the Concur admin within your organization, then further investigation is needed. Thanks for alerting us -- I’m looking into it and will contact you directly. In the meantime, I’d be happy to connect you with Uber technical support as well.
Thank you for responding. I look forward to discussing this issue with you at your earliest convenience as we are not confident that our data is secure and would like to know how it was released to a third party. I raised a ticket on this yesterday.