Ex-Uber CSO convicted of cover-up in 2016 data breach

Former Uber Technologies chief security officer (CSO) Joe Sullivan has been convicted by a jury of hiding a 2016 data breach from the U.S. Federal Trade Commission.

Bloomberg News reported that the San Francisco jury rejected his defence that other executives knew about the coverup and were responsible, convicting him of obstructing a federal government investigation and concealing the theft of personal data of 50 million customers and 7 million drivers. That included around 800,000 Canadians.

Sullivan was accused of quietly arranging for Uber to pay the hackers US$100,000 in Bitcoin to delete the stolen data, under the guise of a program used to reward security researchers for identifying vulnerabilities, known as a “bug bounty,” the news report said. In return, the two hackers agreed not to disclose that they had stolen the data. The hackers later pleaded guilty for their role in the incident.

The October 2016 hack stayed secret until November 2017, when it was disclosed by the new chief executive officer (CEO), Dara Khosrowshahi.

The prosecution noted that Sullivan emailed Uber’s then-CEO about the hack 12 hours after it was discovered.

The incident has been hanging over Uber ever since. In 2018 it paid $148 million in a civil settlement to all 50 states and Washington D.C. for the coverup.

Separately, in July Uber entered a non-prosecution agreement with federal prosecutors to resolve a legal investigation into claims that the ride-sharing firm deceived customers about its privacy and data security practices.

Sullivan will be sentenced for Wednesday’s conviction at a future date.

In a commentary, David Lindner, CISO at Contrast Security, said the whole issue is very unfortunate for Uber and the broader legal/security communities. “What Uber did was cover up a breach by means of hiding it as a bug bounty submission,” he said in a statement. “The conviction of the security chief is a good start but for what was disclosed there should be further accountability of the executives and even board members.

“Transparency is the only path forward for organizations. Transparency of breaches, transparency of known vulnerabilities, and transparency of the components used to build their software. Uber failed in being transparent and it has resulted in not only a fine but in the conviction of a human behind the decisions. We will see more of this if we don’t move to transparency quickly.”