Hide Uber Boss breach

Hide Uber Boss breach

A jury has found the former Uber chief of security guilty of criminal obstruction for failing to report a massive data breach in 2016.

The Long Arm of Justice finally pursued a former cybersecurity executive, after he was found guilty of concealing a massive data breach at Uber.

The breach in question occurred in 2016, and the trial of former Uber Technologies chief security officer Joseph Sullivan began last month, after he was accused in 2020 of concealing the controversial data breach.

US Department of Justice confirmed That Joseph Sullivan was convicted of “obstruction of Federal Trade Commission (FTC) proceedings” and felony misinterpretation (ie the intentional concealment of a felony).

verdict of conviction

The guilty verdict followed a four-week trial in San Francisco.

In July, Uber accepted responsibility for covering up the breach and agreed to cooperate with Sullivan’s trial, as part of a settlement with US prosecutors to avoid criminal charges.

Sullivan was fired from Uber in 2017 over the matter, and the judge handling the case has yet to set a ruling date.

However, the Department of Justice stated that Sullivan faces a maximum five-year prison sentence for obstruction, and a maximum three-year prison sentence for the wrongful act.

US attorney Hinds noted that “tech companies in the northern region of California collect and store huge amounts of data from users.” “We expect these companies to protect that data and alert customers and relevant authorities when this data is stolen by hackers.”

“Sullivan has acted positively to conceal the data breach from the FTC and has taken steps to prevent hackers from being caught,” Hinds said. We will not tolerate the concealment of important information from the public by corporate executives who care more about protecting their own reputation and that of their employers than protecting their users. If this behavior violates federal law, he will be prosecuted.”

“The message in today’s indictment is clear: Companies that store their customers’ data have a responsibility to protect that data and do the right thing when violations occur,” said FBI special agent in charge Tripp. “The FBI and our government partners will not allow rogue tech executives to put the personal information of American consumers at risk for their own gain.”

The case has been closely watched as it sets an important precedent regarding the responsibility of individual executives when dealing with cybersecurity incidents.

This issue is becoming increasingly important at a time when ransomware attacks continue, along with rising cybersecurity insurance premiums.

Multiple breaches

There have been multiple data breaches at Uber over the past eight years.

In 2015, it emerged that Uber had waited five months to report being hacked again in September 2014, which leaked online details of hundreds of its drivers.

Social Security numbers, driver’s license photos and vehicle registration numbers were among the details erroneously disclosed, with as many as 647 drivers believed to have been affected across the United States.

But even worse was to follow in 2016, when Uber once again hid a data breach that exposed data from 57 million customers and drivers.

The 2016 hack didn’t result in any financial details or flight records stolen by the hacker, but the attackers got $100,000 in bitcoin to delete files. However, some personal information was stolen and there were no guarantees that the data had actually been destroyed.

To make matters worse, Uber used “bug bounty” software (usually used to identify small weaknesses in code), to pay hackers (one of whom was an unidentified 20-year-old man in Florida).

Uber reported the incident in November 2017, after new CEO Dara Khosrowshahi learned of the breach, after he had recently joined the company.

Read more: What on earth was Uber thinking?

Khosrowshahi’s admission in 2017 that Uber had not disclosed the breach for more than a year prompted an investigation by European authorities.

The British Information Commissioner’s Office (ICO) also fined the company 385,000 pounds ($490,760), while the Dutch data protection authority fined Uber 600,000 euros ($678,780).

Uber agreed in September 2018 to pay $148 million to settle legal proceedings over the attack.

latest breach

But that wasn’t the end of the company’s security incidents.

Last month (September 2022) Uber confirmed it was “responding to a cybersecurity incident”.

Then came the confirmation New York times It reported that a hack had accessed the company’s network and forced it to cut several internal communications and engineering systems offline.

According to the New York Times, the 18-year-old hacker hacked the Slack workplace messaging app and used it to send a message to Uber employees announcing that he had experienced a data breach.

Screenshots on Twitter show Uber’s hacked internal systems.

The hacker gained access to the company’s other internal systems, and posted a scandalous photo on an employee’s internal information page, according to the New York Times.

#Hide #Uber #Boss #breach

Leave a Comment

Your email address will not be published. Required fields are marked *