2 min read

Former Uber Chief Security Officer Found Guilty of Covering Up Data Breach

Silviu STAHIE

October 06, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Former Uber Chief Security Officer Found Guilty of Covering Up Data Breach

Former Uber Chief Security Officer (CSO) Joseph Sullivan has been convicted of obstructing proceedings of the Federal Trade Commission (FTC) by covering up a massive data breach in 2016.

The Uber hack of 2016 remains noteworthy even today as it included records on approximately 57 million Uber users and 600,000 driver license numbers. Somehow, even with the size of the data breach, Sullivan's immediate actions regarding this cybersecurity incident are much more worrisome.

Uber hired Sullivan as its CSO in 2015, a year after hackers hit the company. It had gotten so bad that the Federal Trade Commission issued a Civil Investigative Demand against Uber that demanded information about any other unauthorized access to user personal information and the company's security practices.

As CSO, Sullivan testified under oath regarding Uber's data security practices and claimed the company took extra steps to secure users' data. But then Uber got hacked again.

“The hackers reached out to Sullivan directly, via email, on November 14, 2016," reads the press release from the US Attorney's Office for the Northern District of California. "The hackers informed Sullivan and others at Uber that they had stolen a significant amount of Uber user data, and they demanded a large ransom payment from Uber in exchange for their deletion of that data."

"Employees working for Sullivan quickly verified the accuracy of these claims and the massive theft of user data, which included records on approximately 57 million Uber users and 600,000 driver license numbers."

Instead of informing the FTC, Sullivan went to great lengths to cover up the incident. He reached out to the hackers and agreed to pay them $100,000 in bitcoin in exchange for signing non-disclosure agreements, promising not to reveal the hack.

For the next couple of years, Sullivan lied to lawyers, the FTC, and even the new CEO of Uber. The company eventually discovered the incident in late 2017 and reported the breach to the FTC.

Also, the two hackers who breached the company have been prosecuted in the Northern District of California after pleading guilty and are awaiting sentencing. The same goes for Joseph Sullivan, as he's free on bond pending sentencing.

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Hacking cars remotely with just their VIN Hacking cars remotely with just their VIN
Graham CLULEY

December 05, 2022

2 min read
Russian courts attacked by CryWiper malware that poses as ransomware Russian courts attacked by CryWiper malware that poses as ransomware
Graham CLULEY

December 05, 2022

2 min read
Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read