Security News > 2020 > August > Former Uber CSO Charged With Paying ‘Hush Money’ in 2016 Breach Cover-Up
A former Uber security executive has been charged for his role in the cover-up of a massive 2016 data breach, in which attackers accessed the company's Amazon Web Services accounts and stole data associated with 57 million passengers and drivers.
In October 2016, two hackers gained access to Uber data stored on Amazon Web Services accounts, using Uber software engineer credentials found on GitHub, and stole a database that contained personally identifiable information associated with 57 million Uber users and drivers.
The federal complaint alleges an elaborate cover-up by Sullivan that involved deceiving not just the FTC but also asking Uber employees to cover up information about the breach and the payout, as well as failing to inform officials about its scope.
At the time of the 2016 breach, Sullivan already was in contact with the FTC about a 2014 data breach at Uber and had just provided testimony about that hack to law enforcement when the 2016 breach occurred, according to prosecutors.
Uber eventually was fined $20,000 in 2016 by the New York attorney general for failing to disclose the 2014 breach.