Security News > 2020 > August > Former Uber CSO Charged Over 2016 Data Breach Cover-Up

Former Uber CSO Charged Over 2016 Data Breach Cover-Up
2020-08-21 08:58

The U.S. Department of Justice announced on Thursday that former Uber Chief Security Officer Joe Sullivan has been charged over his alleged role in the cover-up of the 2016 data breach that resulted in the information of millions of Uber drivers and users getting stolen by hackers.

During his time at Uber - he served as the company's CSO between April 2015 and November 2017 - the ride-sharing giant's systems were breached and the attackers managed to steal information belonging to 57 million users and drivers.

In an effort to cover up the breach, Uber paid the cybercriminals $100,000 through its HackerOne bug bounty program, instructing them to destroy the data.

The incident occurred in the fall of 2016, but it was only disclosed to the public roughly one year later, after Dara Khosrowshahi was appointed Uber's CEO. Sullivan was fired over his role in the handling of the breach and U.S. officials expressed discontent over how the incident was addressed, particularly since information was withheld from the FTC, which at the time was investigating a smaller cybersecurity incident suffered by the ride-sharing firm in 2014.

"The criminal complaint also alleges Sullivan deceived Uber's new management team about the 2016 breach. Specifically, Sullivan failed to provide the new management team with critical details about the breach," the Justice Department said.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/uYLXBz2SEHk/former-uber-cso-charged-over-2016-data-breach-cover