Ex-Uber Security Chief Guilty in Concealing Data Breach That Affected Millions
(TargetLiberty.org) – Millions of people around the world use Uber’s services. The company makes it easy for people to find a ride no matter what time of the day or night with just a few clicks on an app. While it was definitely a smart idea, there have been problems within the corporation for quite some time. Passengers have complained of being sexually assaulted or harassed by drivers. The contractors who agree to drive for the service have complained about the treatment they have received. Then there was a massive data breach covered up by the corporation.
The breach impacted millions of people. Now, a jury has convicted the company’s former security chief in connection with the leak.
On Wednesday, October 5, the US Attorney’s Office for the Northern District of California issued a statement about the conviction of Joseph Sullivan, Uber’s former chief security officer. A federal jury found him guilty of misprision of a felony and obstructing the Federal Trade Commission’s (FTC) proceedings.
The case surrounded two hacks of Uber’s databases in 2014 and 2016. Sullivan was hired In 2015 to head up security after disclosing to the FTC that the company was the victim of an ongoing data breach that occurred in 2014. The incident exposed the information, which included driver’s license numbers, of about 50,000 people. The federal agency immediately launched an investigation into the company’s security practices.
The next year, in November, Sullivan testified under oath about Uber’s data security practices and steps the company was taking to keep information safe. Ten days later, there was a malware attack. Hackers demanded a ransom in exchange for the stolen personal information of roughly 57 million users.
Instead of informing the FTC, the security chief hatched a plot to hide it from the feds. He then paid the hackers and tried to get them to sign nondisclosure agreements, but they refused to provide their names. Nonetheless, Sullivan gave them $100,000 in bitcoin. Eventually, he learned the identities of two of the people involved, but instead of reporting them to the police, he had them sign NDAs. The hackers were later prosecuted and pleaded guilty.
Not only did Sullivan hide all of it from the FTC, but also from Uber’s legal department. The following year, a new management team discovered the breach and the coverup attempts. The security chief tried to lie about it, but the company reported it to the FTC and the public.
Sullivan is facing up to 8 years in prison but remains free until his sentencing date, which has not yet been set.
Copyright 2022, TargetLiberty.org