
Uber's former head of security faces fraud charges after allegedly covering up data breach

Graham CLULEY

July 27, 2022


The former Chief Security Officer of Uber is facing wire fraud charges over allegations that he covered up a data breach that saw hackers steal the records of 57 million passengers and drivers.

This tangled story reaches back to 2016, when two hackers discovered that Uber software engineers had carelessly exposed the login credentials they used to access an Amazon Web Services account, which resulted in the theft of sensitive data related to Uber customers and drivers.

Names, email addresses and phone numbers, as well as driving license details, were stolen in the heist.

The hackers contacted Uber's security team, demanding a $100,000 Bitcoin payment be made for the secure erasure of the data.

And it's at this point that things get very peculiar. Because normally you would expect a business which has fallen victim to hackers, and had the data of third parties stolen from its systems, to inform the authorities, tell the public about the incident, warn affected individuals, and brief regulators about the data breach.

What you wouldn't expect to happen is what is alleged to have happened: namely that Joe Sullivan, Uber's then security chief, covered up the hack and arranged to pay the hackers, with the money disguised as a payment from the business's bug bounty program, in exchange for their silence.

In short, Uber didn't tell the world, or the affected individuals, about the data breach.

In fact, if the allegations are to be believed, the ego of Uber's security chief meant he did not want to admit that there had been a security failure on his watch, and he concealed the hack out of a desire to prevent drivers from defecting to Uber's rivals.

In this way, claim prosecutors, drivers were "defrauded" as they continued to share a proportion of their fares with Uber.

After news of the security breach ultimately (perhaps inevitably) became public knowledge a year or so later, Uber agreed to pay $148 million as a settlement for its concealment and poor handling of the incident.

This week, the US Department of Justice announced that it would not be prosecuting Uber over the data breach, after the firm "admitted to and accepted responsibility for the acts of its officers, directors, employees, and agents in concealing its 2016 data breach from the FTC."

In addition, Uber has agreed to maintain a comprehensive privacy program for 20 years, and is helping ongoing government investigations - including the criminal case against its former chief security officer, Joe Sullivan.

He may have thought he was acting to protect the company that employed him, but it seems Uber isn't prepared to return the favour.

Sullivan, who previously held a role heading up security at Facebook, faces up to 20 years in prison if convicted.
