Many people should remember the data breach at Uber back in 2016. At that time, Uber chief security officer Joe Sullivan proved that hackers couldn’t access staff or user data. However, today, we learned that he was found guilty of hiding the cyberattack consequences.
In 2016, bad actors downloaded the personal information of more than 57 million people. The stolen information included names, email addresses, and phone numbers of more than 50 million Uber riders and 7 million drivers. Moreover, there were more than 600,000 driver’s license numbers.
According to the New York Times and Washington Post, Sullivan is accused on two counts. First, he obstructed justice by not revealing the breach to the FTC. Second, he concealed a felony from the authorities. Interestingly, there was another accusation of wire fraud. But this one was dismissed in August. By the way, Sullivan had also been the security executive at other top tech firms. They include Facebook and Cloudflare.
Gizchina News of the week
Uber Data Breach Might Cost Sullivan 8 Years In Jail
In 2016, two outsiders found Uber user credentials on Github. As a result, they could access Uber’s Amazon Web Services (AWS) storage. So they were able to download database backups. Then, the hackers contacted Uber requiring payment in exchange for a promise to delete the information they had. Uber paid $100,000 (in Bitcoins). However, the police arrested them in 2019.
Uber has been an easy bait for hackers. But this is the first time that a company executive might appear in jail. Thus, this case can become a precedent for other cases when companies quietly pay ransoms to hackers. Everything seems clear, as the prosecutors showed evidence that Sullivan and Uber’s former CEO Travis Kalanick was in talks when paying the hackers. What’s worse, none of them provided information about the new CEO, Dara Khosrowshahi.
According to Bloomberg, Sullivan didn’t reveal the attack because he was responsible for Uber’s security improvement once he took the position in 2015. But now, he might appear in jail for eight years.
In fairness, Khosrowshahi fired Sullivan after Uber publicly admitted the data breach. Moreover, the company paid $148 million in civil litigation over the breach to all 50 states. They also said that Uber would fully cooperate with the authorities in the criminal case against Sullivan.