Uber’s Ex-CSO Accused Of A Cover Up

Uber's former Chief Security Officer (CSO)  Joseph Sullivan has been charged with obstruction of justice and stands  accused of trying to cover up a data breach in 2016 that exposed the details of 57 million Uber drivers and passengers. 

The company has previously admitted to paying a group of hackers a $100,000 (£75,000) ransom to delete the data they had stolen. A criminal complaint has also been filed against Sullivan preventing justice being done regarding hiding the hacking attack Uber Technology suffered.

In addition to hiding the attack, he is charged with  intentionally preventing information about the attack  from reaching the US Federal Trade Commission (FTC). The payment was disguised as a "bug bounty" reward, used to pay cyber-security researchers who disclose vulnerabilities so they can be fixed. The charges allege that he asked the hackers to sign non-disclosure agreements, falsely stating they had not stolen any Uber data.

Mr Sullivan was subsequently fired form his job at Uber in 2017 when the data breach was finally revealed. 

Mr Sullivan denies the charges and is currently employed as chief information security officer at leading cybersecurity firm Cloudflare. The current CEO of Uber,  Dara Khosrowshahi disclosed the data breach in 2017 after taking over from his controversial predecessor, Travis Kalanick, who is no longer connected with Uber.

The the company eventually paid $148m to settle legal claims by all 50 US states and Washington DC.

It was stated that Sullivan, who worked as a security manager at Uber between 2015 and 2017, was secretly contacted by hackers via e-mail, and the attackers were informed that Sullivan issued the payment. It was reported that the hackers had access to information belonging to 57 million Uber users and employees, including the driver’s license numbers of 600 thousand people. It is alleged that Sullivan knowingly and willingly tried to hide all these events from the Federal Trade Commission.

Many large companies have open bug bounty schemes that invite hackers, under strict conditions, to test their computer systems for flaws. If they find one, they get paid and the company can fix it without needing to alert the authorities.

US Dept. of Justice:          Forbes:        Bloomberg:         BBC:     SOMAG News:

You Might Also Read:

How Can Boardrooms Effectively Manage Cyber Risk?:
 

 

« Will It Be The US That Breaks Up The Internet?
Facebook, Instagram, Twitter & YouTube Have All Become Search Engines »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Interpol

Interpol

Interpol is the world’s largest international police organization. It is committed to the global fight against cybercrime, as well as tackling cyber-enabled crimes.

Ethio-CERT

Ethio-CERT

National Cyber Emergency Readiness and Response Team of Ethiopia.

Infiltrate

Infiltrate

INFILTRATE is a deep technical conference that focuses entirely on offensive security issues.

MD5

MD5

MD5 is a leading UK provider of Digital Forensic & eDiscovery services to large multi-national corporate businesses, Law Enforcement & Government Agencies, high profile legal firms.

NopSec

NopSec

NopSec provides automated IT security control measurement and risk remediation solutions to help businesses protect their IT environments from security breaches.

MER Group

MER Group

MER Group is a world-leading integrator in the areas of communications and security. MER cyber solutions cover the entire range of cyber and intelligence related products and services.

TypingDNA

TypingDNA

TypingDNA uses AI to recognise people by the way they type on desktop keyboards and mobile devices.

Italtel

Italtel

Italtel is a multinational ICT company that combines networks and communications services with the ability to innovate and develop solutions for digital transformation.

CyberSec Hub

CyberSec Hub

The goal of CyberSec Hub is to create a centre of excellence for cybersecurity in Krakow, a new European “Cyber-Silicon Valley”.

Asia Center of Excellence for Smart Technologies (ACES)

Asia Center of Excellence for Smart Technologies (ACES)

ACES is a one-stop competency center and incubator for the development of Industry 4.0 and associated technologies including cybersecurity, robotics, IoT and Big Data.

BotGuard

BotGuard

BotGuard provides a service to protect your website from malicious bots, crawlers, scrapers, and hacker attacks.

Lewis Brisbois

Lewis Brisbois

Lewis Brisbois offers legal practice in more than 40 specialties, and a multitude of sub-specialties including Data Privacy & Cybersecurity.

Fudo Security

Fudo Security

Fudo Security is a leading provider of privileged access management and privileged session monitoring solutions.

Responsible Cyber

Responsible Cyber

Protect yourself with Responsible Cyber’s 360° platform, IMMUNE, arming you with comprehensive support for your business.

Cybastion

Cybastion

Cybastion develops robust world-class cybersecurity solutions tailored to suit the needs of different businesses, governments and public sector entities.

Frontal

Frontal

Frontal is a specialized unit in Blockchain and Web3.0 cybersecurity. Securing Digital Assets, Cryptocurrency, DeFi, Blockchain and Web3.0 ecosystem.