Uber headlines: Uber’s ex-security chief was found guilty of covering up a major data breach in 2016

From Engadget:

Joseph Sullivan, who used to serve as Uber’s security chief, was convicted of federal charges for hiding a 2016 data breach from authorities. According to The New York Times, a jury in a San Francisco federal court has found Sullivan guilty of obstructing the FTC’s ongoing investigation into Uber at the time for another breach that occurred in 2014. He was also found guilty of actively hiding a felony from authorities. Sullivan’s case, believed to be the first time an executive has faced criminal charges over a hack, revolves around how the former executive dealt with the bad actors who infiltrated Uber’s Amazon server and demanded $100,000 from the company.

The hackers got in touch with Uber shortly after Sullivan sat for a deposition with the FTC for its investigation of the 2014 cybersecurity incident. They told him they found a security vulnerability that allowed them to download the personal data of 600,000 drivers and additional information linked to 57 million drivers and passengers. As The Washington Post reports, it was revealed later on that the hackers found a digital key that they used to get into Uber’s Amazon account. There, they found an unencrypted backup collection of personal data on passengers and drivers.

Sullivan pointed them to the company’s bug bounty program, which had a max payout of $10,000. The hackers wanted at least $100,000, however, and threatened to release the data they’d stolen if Uber didn’t pay up. The former security chief paid them the amount they demanded in bitcoin and made it appear as if they’d been paid under the bug bounty program — an action reportedly sanction by then Uber chief executive Travis Kalanick. He also tracked them down and made them sign nondisclosure agreements.

The former executive’s camp argued that Sullivan felt Uber’s user data was protected after the hackers signed an NDA. “Mr. Sullivan believed that their customers’ data was safe and that this was not some incident that needed to be reported. There was no coverup and there was no obstruction,” his lawyer David Angeli said. But prosecutors disagreed and viewed his use of NDAs as a way to cover up the incident. Further, they stressed that the incident shouldn’t have been qualified for a payout under the bug bounty program, which is meant to reward friendly security researchers, when the bad actors threatened to release users’ personal information if they didn’t get paid the amount they wanted.

Continue reading Uber’s ex-security chief was found guilty of covering up a major data breach in 2016 on Engadget

Do you have a complaint about Uber or Uber Eats, such as overcharges or fraud? Take your claim to FairShake, the consumer advocacy service.

Read More:

FairShake is aggregating links to consumer news stories across the web. We claim no rights to the snippets featured.

Latest news

Top DISH Network story from Forbes: DISH Network And Walt Disney Company Do A Rare ‘Handshake’ Carriage Agreement For Cable Networks

From Forbes: In a rarity in the cable network industry, after the Walt DisneyDIS Company pulled down its networks...

Take action against PayPal: PayPal’s ‘once beloved story’ is ‘back in vogue’ despite some noise

From MarketWatch: The stock fared better later in the month after Amazon.com Inc. AMZN, -5.04% announced that it was finally...

Earn a big cash back bonus with Chase Ink Business Cash and Unlimited cards, Warns USA TODAY

From USA TODAY: — Our editors review and recommend products to help you buy the stuff you need. If you...

Hold Wells Fargo responsible: Wells Fargo in Talks With CFPB to Settle Variety of Inquiries

From Bloomberg Law: Wells Fargo & Co., which set aside $2 billion last quarter to deal with legal matters, said...

Wells Fargo Names Fercho Head of Diverse Segments, Representation, Inclusion, says MarketWatch

From MarketWatch: Wells Fargo launched the DSRI function in 2020 to coordinate the bank's diversity, equity and inclusion efforts across...

Take action against AT&T: DirecTV Impersonators Are Scamming Customers, New Lawsuits Say

From Bloomberg Law: AT&T Inc.-owned DirecTV LLC is suing two US companies for allegedly posing as the satellite-TV provider to...

You might also likeRELATED
Recommended to you