Security News > 2022 > October > Former Uber Security Chief Found Guilty of Data Breach Coverup

A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident.
"We expect those companies to protect that data and to alert customers and appropriate authorities when such data is stolen by hackers. Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission and took steps to prevent the hackers from being caught."
"After misleading consumers about its privacy and security practices, Uber compounded its misconduct by failing to inform the Commission that it suffered another data breach in 2016 while the Commission was investigating the company's strikingly similar 2014 breach," the FTC noted in 2018.
"The separate guilty pleas entered by the hackers demonstrate that after Sullivan assisted in covering up the hack of Uber, the hackers were able to commit an additional intrusion at another corporate entity - Lynda.com - and attempt to ransom that data as well," the DoJ pointed out.
This past July, Uber also settled with the DoJ to pay $148 million and agreed to "Implement a corporate integrity program, specific data security safeguards, and incident response and data breach notification plans, along with biennial."
"The message in today's guilty verdict is clear: companies storing their customers' data have a responsibility to protect that data and do the right thing when breaches occur," FBI San Francisco Special Agent in Charge Robert K. Tripp said.
News URL
https://thehackernews.com/2022/10/former-uber-security-chief-found-guilty.html
Related news
- Data breach at Japanese telecom giant NTT hits 18,000 companies (source)
- PowerSchool previously hacked in August, months before data breach (source)
- Western Alliance Bank notifies 21,899 customers of data breach (source)
- Sperm donation giant California Cryobank warns of a data breach (source)
- Pennsylvania education union data breach hit 500,000 people (source)
- There are 10,000 reasons to doubt Oracle Cloud's security breach denial (source)
- StreamElements discloses third-party data breach after hacker leaks data (source)
- Texas State Bar warns of data breach after INC ransomware claims attack (source)
- Food giant WK Kellogg discloses data breach linked to Clop ransomware (source)
- The quiet data breach hiding in AI workflows (source)