Security News > 2022 > October > Former Uber Security Chief Found Guilty of Data Breach Coverup

A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident.

"We expect those companies to protect that data and to alert customers and appropriate authorities when such data is stolen by hackers. Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission and took steps to prevent the hackers from being caught."

"After misleading consumers about its privacy and security practices, Uber compounded its misconduct by failing to inform the Commission that it suffered another data breach in 2016 while the Commission was investigating the company's strikingly similar 2014 breach," the FTC noted in 2018.

"The separate guilty pleas entered by the hackers demonstrate that after Sullivan assisted in covering up the hack of Uber, the hackers were able to commit an additional intrusion at another corporate entity - Lynda.com - and attempt to ransom that data as well," the DoJ pointed out.

This past July, Uber also settled with the DoJ to pay $148 million and agreed to "Implement a corporate integrity program, specific data security safeguards, and incident response and data breach notification plans, along with biennial."

"The message in today's guilty verdict is clear: companies storing their customers' data have a responsibility to protect that data and do the right thing when breaches occur," FBI San Francisco Special Agent in Charge Robert K. Tripp said.

News URL

https://thehackernews.com/2022/10/former-uber-security-chief-found-guilty.html