December 7, 2022


Ex-Uber CSO convicted of cover-up in 2016 data breach

Former Uber Technologies chief security officer (CSO) Joe Sullivan has been convicted by a jury of hiding a 2016 data breach from the U.S. Federal Trade Commission.

Bloomberg News reported that the San Francisco jury rejected his defence that other executives knew about the coverup and were responsible, convicting him of obstructing a federal government investigation and concealing the theft of personal information of 50 million customers and 7 million drivers. That included over 800,000 Canadians.

Sullivan was accused of quietly arranging for Uber to pay the hackers US$100,000 in Bitcoin to delete the stolen data, under the guise of a program used to reward security researchers for identifying vulnerabilities, known as a “bug bounty,” the news report said. In return, the two hackers agreed not to disclose that they had stolen the data. The hackers later pleaded guilty for their role in the incident.

The October 2016 hack stayed secret until November 2017, when it was disclosed by the new chief executive officer (CEO), Dara Khosrowshahi.

The prosecution noted that Sullivan emailed Uber’s then-CEO about the hack 12 hours after it was identified.

The incident has been hanging over Uber ever since. In 2018 it paid $148 million in a civil settlement to all 50 states and Washington D.C. for the coverup.

Separately, in July Uber entered a non-prosecution agreement with federal prosecutors to resolve a criminal investigation into whether the ride-sharing company deceived customers about its privacy and data protection practices.

Sullivan will be sentenced for Wednesday’s conviction at a future date.

In a commentary, David Lindner, CISO at Contrast Security, said the whole situation is very unfortunate for Uber and the broader legal/security communities. “What Uber did was cover up a breach by means of hiding it as a bug bounty submission,” he said in a statement. “The conviction of the security chief is a great start, but for what was disclosed there must be even more accountability of the executives and even board members.

“Transparency is the only path forward for businesses. Transparency of breaches, transparency of known vulnerabilities, and transparency of the components used to create their software. Uber failed in being transparent and it has resulted in not only a fine but in the conviction of a human behind the decisions. We will see more of this if we don’t shift to transparency fast.”