Uber’s Former Security Chief Convicted of Covering Up 2016 Data Breach

Image for article titled Uber's Former Security Chief Convicted of Covering Up 2016 Data Breach

Photo: ROBYN BECK/AFP (Getty Images)

A federal jury has convicted Uber’s former safety chief of prices associated to a 2016 cover-up involving the ride-share big, in response to journalists current within the courtroom.

Joe Sullivan, who was discovered responsible of 1 depend of obstruction and one depend of misprision of a felony on Wednesday, helped to hide an enormous 2016 knowledge breach from authorities, whereas additionally obstructing a Federal Trade Commission investigation.

Sullivan’s troubles started within the fall of 2016, when two cybercriminals managed to compromise an Amazon knowledge storage server operated by the corporate and stole personally figuring out data on some 600,000 Uber drivers, in addition to roughly 57 million customers of the ride-share app. The hackers then contacted Sullivan through electronic mail in an try and extort the corporate for $100,000.

To complicate issues, Uber was being investigated by the FTC for a earlier hacking incident on the time of the breach. Sullivan secretly paid off the hackers through the corporate’s bug bounty program after which later mislead federal investigators about what had occurred.

Under Sullivan’s watch, the general public was by no means notified concerning the incident, even if the criminals had stolen customers’ names, cellphone numbers, and electronic mail addresses. Uber drivers’ license numbers have been additionally stolen.

Federal prosecutors alleged that Sullivan subsequently tried to “conceal, deflect, and mislead the Federal Trade Commission about the breach.” Sullivan’s prices stem from the cover-up, not the payoff—a observe that has develop into more and more widespread in recent times.

A former federal prosecutor turned company cybersecurity guru, Sullivan took over safety at Uber after working an identical stint at Facebook and different high-level positions in Silicon Valley. Sullivan helmed operations on the international ride-share agency till November of 2017, when Uber’s new safety chief, Dara Khosrowshahi, took over. After Khosrowshahi found what had occurred, Sullivan was subsequently fired, together with different members of the safety crew.

The hackers behind the episode have been in the end arrested and charged in reference to the incidents. They pled guilty to associated crimes in 2019.

The case has decidedly break up these within the cybersecurity neighborhood. The New York Times reports that this might be the primary time {that a} safety government was held responsible for a hacking incident on this manner. The episode might in the end set a brand new precedent for future circumstances through which CISOs should face authorized penalties over knowledge breaches. Some safety professionals have recommended that Sullivan was “scapegoated” for the incident.

#Ubers #Security #Chief #Convicted #Covering #Data #Breach

Leave a Reply