For Swapnil Midha, a freelance content writer based in Chennai, the aural impact of the ringtone of a text message on her phone has changed forever. What earlier lead to curiosity and anticipation now perhaps annoys her, making her want to throw her phone away. And she has taxi-service aggregating app Ola to thank for her sleepless nights and irate days.
About three weeks ago, Midha used Ola for a long distance drive, and since then, she has been receiving text messages continuously from Ola. Until about 9am this morning, she says she has received between 300 and 400 text messages. And what did these messages contain? Names, addresses and phone numbers of Ola users in Bengaluru. Ola basically handed out private data of hundreds of its customers to Midha.
"It's lucky I'm not a psychopath roaming the streets of Bangalore, waiting to get my hands on people's personal information and knowing when they are home and when they are not, isn't it!" she writes on her Facebook page, lamenting on her horrid experience with Ola in the past few days.
Midha says that in spite of her speaking to Ola's customer service repeatedly, no action was taken.
I then called their call centre the next day to explain that there was probably some sort of bug and my number had somehow gotten into their highly cryptic message transmission systems, whatever secrets they were trying to transmit.
They assured me they would stop them right away. But my faith in their customer support was short lived. I received no further communication from them, no update, no email, just more garbled messages.
What followed were days of thorough frustration as my poor phone beeped nonstop to receive text after text after text after text of utter nonsense from Ola. I estimate a total of between 300 and 400 texts from them so far.
I reached out to them through every channel possible. I called their call centre at least 5 times, demanded to speak to the senior managers, and had to explain my problem each time in great detail, answering the same annoying questions.
It was all assurance and no action. They did not even explain to me what the problem was despite repeated requests. If they had, I would possibly have been more understanding.
She writes as to how even her emails did not work, pushing her deeper and deeper into frustration,
I wrote them several emails, only to receive lousy generic responses which made it evident that they haven't even tried to understand this problem. I sent them several screenshots and my emails got angrier by the day. It had NO effect whatsoever. I was losing sleep and peace of mind, with a steadily rising desire to flush my phone down the toilet.
Beyond Midha’s experience, this was also a serious breach of privacy by Ola, one which could bring into question the capability of the company to safeguard personal information. To spread awareness, Midha also posted some of the names of those whose data was leaked to her, along with the last 5 digits of their phone number.
Pranesh Prakash, Policy Director the Centre for Internet and Society, says that this has to be placed in the larger context of poor data security in India. “Most companies and organizations, including banks, have poor data security practices. There are scary stories of data breaches and many companies instead of rectifying the errors have the habit of going after those who point it out,” he says.
He also says that the laws are not good enough. “We need an office of privacy commissioner who can look into such cases and take suo motu action which is not possible under the present laws,” he adds.
Midha says Ola has informed her on Twitter that the problem has been fixed. They have also tried to reach out to her, but Midha says she has not been able to speak to them due to her busy schedule. The News Minute has reached out to Ola for a response, the story will be updated if and when they answer our queries.
In a company statement to TNM, Ola said "We have been trying to establish contact with the customer who reported this and have not been able to do so. There has been a manual error on the entry of a driver's device number on our system, which is deeply regretted. We have fixed this instance by deleting the number from our database and are putting in place a verification procedure as well to avoid such instances in the future."
"We value the privacy of our users and will continue to take utmost care in terms of data security on the Ola platform," it added.