Uber’s Ex-CSO Accused Of A Cover Up

Uber's former Chief Security Officer (CSO)  Joseph Sullivan has been charged with obstruction of justice and stands  accused of trying to cover up a data breach in 2016 that exposed the details of 57 million Uber drivers and passengers. 

The company has previously admitted to paying a group of hackers a $100,000 (£75,000) ransom to delete the data they had stolen. A criminal complaint has also been filed against Sullivan preventing justice being done regarding hiding the hacking attack Uber Technology suffered.

In addition to hiding the attack, he is charged with  intentionally preventing information about the attack  from reaching the US Federal Trade Commission (FTC). The payment was disguised as a "bug bounty" reward, used to pay cyber-security researchers who disclose vulnerabilities so they can be fixed. The charges allege that he asked the hackers to sign non-disclosure agreements, falsely stating they had not stolen any Uber data.

Mr Sullivan was subsequently fired form his job at Uber in 2017 when the data breach was finally revealed. 

Mr Sullivan denies the charges and is currently employed as chief information security officer at leading cybersecurity firm Cloudflare. The current CEO of Uber,  Dara Khosrowshahi disclosed the data breach in 2017 after taking over from his controversial predecessor, Travis Kalanick, who is no longer connected with Uber.

The the company eventually paid $148m to settle legal claims by all 50 US states and Washington DC.

It was stated that Sullivan, who worked as a security manager at Uber between 2015 and 2017, was secretly contacted by hackers via e-mail, and the attackers were informed that Sullivan issued the payment. It was reported that the hackers had access to information belonging to 57 million Uber users and employees, including the driver’s license numbers of 600 thousand people. It is alleged that Sullivan knowingly and willingly tried to hide all these events from the Federal Trade Commission.

Many large companies have open bug bounty schemes that invite hackers, under strict conditions, to test their computer systems for flaws. If they find one, they get paid and the company can fix it without needing to alert the authorities.

US Dept. of Justice:          Forbes:        Bloomberg:         BBC:     SOMAG News:

You Might Also Read:

How Can Boardrooms Effectively Manage Cyber Risk?:
 

 

« Will It Be The US That Breaks Up The Internet?
Facebook, Instagram, Twitter & YouTube Have All Become Search Engines »

Perimeter 81

Directory of Suppliers

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

European Internet Forum (EIF)

European Internet Forum (EIF)

EIF’s mission is to help provide European political leadership for the political, economic and social challenges of the worldwide digital transformation.

Synopsys

Synopsys

Synopsys is a global leader in electronic design automation and semiconductor IP and is growing its leadership in software quality and security solutions.

Acuity Risk Management

Acuity Risk Management

Acuity Risk Management helps businesses worldwide effectively manage, prioritize and report on their risks to inform strategic and tactical decision-making and build long-term resilience.

Karlsruhe Institute of Technology (KIT)

Karlsruhe Institute of Technology (KIT)

KIT is a leading research and education institutions with strong capabilities in information systems and security.

Thermo Systems

Thermo Systems

Thermo Systems is a design-build control systems engineering and construction firm. Capabilties include industrial control system cybersecurity.

Skrumble Technologies

Skrumble Technologies

Skrumble Network (SKM) is a completely new, innovative blockchain powering an application ecosystem that centers on creating the most secure connections for communication possible.

Netragard

Netragard

Netragard has an established reputation for providing high-quality offensive and defensive security services.

ToucanX

ToucanX

ToucanX has eliminated remote attack vectors without sacrificing productivity. We’ve brought embedded near real time virtualization to the enterprise endpoint.