Uber’s vast lost property database has quietly revealed an inventory that reads like a Surrealist’s shopping list: butterflies, breast milk, a prosthetic leg, and a wedding dress are among the 130,000 items logged in the first quarter of this year alone. Sources confirm the company handed the data to British regulators as part of an ongoing safety and data handling audit.
The list, obtained by this desk through a Freedom of Information request, spans 18 categories ranging from phones and wallets to the distinctly odd. Seven hundred and fifty lost items were described as ‘intimate items’ including sex toys and lingerie. One passenger left behind 12 live butterflies in a box. Another abandoned a jar of breast milk. A third misplaced a human skull reclaimed by a medical school.
Regulators at the Department for Transport and the Information Commissioner’s Office are now scrutinising Uber’s internal reporting systems. The concern is not about the bizarre contents but the implications for passenger privacy and data retention. Uber holds detailed logs of every lost item matched to a trip, including pick-up and drop-off points, timestamps, and payment details. For the breast milk incident, that means authorities know exactly which journey a mother took to a neonatal unit.
Internal memos show Uber initially resisted providing the raw data, citing privacy concerns. But after pressure from the ICO, the company handed over an anonymised version. However, whistleblowers claim the anonymisation process was flawed: timestamps and location data can be triangulated to re-identify passengers.
“This is a treasure trove for any government agency or stray private eye,” said a former Uber trust and safety manager. “The company knows where you lost your phone, when, and who picked it up. They also know if you left your wedding dress at your mistress’s flat.”
The lost items list exposes a deeper fracture: Uber’s claim to be a neutral platform vs its actual role as a surveillance apparatus. Each forgotten butterfly, each dropped vial of breast milk is a data point that can be weaponised. The ICO is now investigating whether Uber has breached GDPR by not properly purging old lost item records. The company says it deletes data after 30 days, but sources inside the privacy team say “deleted” often means “hidden from view but still stored on backup servers.”
For British regulators, this list is not a novelty. It is a roadmap to compliance failures. The DfT is considering new rules requiring ride-hailing apps to log lost items only when a match is attempted, not as a default cargo manifest. Meanwhile, the ICO has demanded a full breakdown of how Uber shares lost item data with law enforcement. Last year, Uber handed over 10,000 lost item records to police without warrants.
One butterfly enthusiast who lost a box of rare specimens told this reporter: “I was mortified. But then I thought, at least the driver might release them.” He did not know that Uber kept a permanent record, complete with his route home.
The absurdity of the list belies a serious truth. In the hands of regulators, it is evidence. In the hands of a bad actor, it is a weapon. Uber still has not explained why it needs to keep records of lost breast milk for three decades. The company says it complies with all applicable laws. But as one ICO official put it: “The law was written before anyone thought to leave butterflies in an Uber.”
