Uber has been doing some digging to find out who was behind the breach of drivers’ login and license plate information last year, but the legal investigation has taken an unexpected turn that hints at the possibility of corporate espionage.
Two IP addresses of Lyft’s chief technology officer Christ Lambert were linked to a security key used to improperly download nearly 50,000 drivers’ personal information in March, Reuters reported.
Uber disclosed the May 2014 breach earlier this year, which has spurred lawsuits against the on-demand driver service. The company filed its own federal suit soon after to help uncover the perpetrator’s identity. However, there is no clear connection between Lambert’s computer and the breach. According to court documents, a different IP address that doesn’t belong to the Lyft executive was used to in the hack.
Lyft, which is valued at $2.5 billion or one-twentieth of Uber, has denied any wrongdoing and said an internal investigation didn’t turn up evidence of a Lyft employee tapping into Uber’s driver database. The company however hasn’t commented on the IP addresses Uber linked to Lambert and a stolen security key used in the breach.
Uber’s lawsuit falls under the Computer Fraud and Abuse Act, a notably broad federal statute that prohibits unauthorized computer access and has been used to convict hackers — malicious and benign. President Barack Obama announced plans to update the law in the State of the Union address earlier this year.
But the law and the White House’s proposed revisions have been criticized for criminalizing any digital behavior done without clear consent and could lead to harsh convictions for seemingly innocuous behavior such as logging onto a friend’s computer months after you first asked for the password.
The 29-year old statute is also at the center of the Justice Department’s investigation into allegations of St. Louis Cardinal’s employees hacked Houston Astros’ players’ personnel data.
The FBI found evidence in 2014 that Cardinals officials accessed an Astros’ database with internal communications about player trades, scouting reports, and team statistics. Charges are pending against at least one Cardinal employee.