Security News

Uber fined $325 million for moving driver data from Europe to US
2024-08-26 16:29

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) has imposed a fine of €290,000,000 ($325 million) on Uber Technologies Inc. and Uber B.V. over GDPR violations. [...]

Dutch Regulator Fines Uber €290 Million for GDPR Violations in Data Transfers to U.S.
2024-08-26 14:23

The Dutch Data Protection Authority (DPA) has fined Uber a record €290 million ($324 million) for allegedly failing to comply with European Union (E.U.) data protection standards when sending...

Uber ex-CSO Joe Sullivan: We need security leaders running to work, not giving up
2024-06-08 14:40

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

VexTrio: The Uber of Cybercrime - Brokering Malware for 60+ Affiliates
2024-01-23 14:33

The threat actors behind ClearFake, SocGholish, and dozens of other actors have established partnerships with another entity known as VexTrio as part of a massive "criminal affiliate program," new...

Former Uber CISO Appealing His Conviction
2023-10-19 11:08

Joe Sullivan, Uber's CEO during their 2016 data breach, is appealing his conviction. Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, of withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company's data security and privacy practices.

Former Uber CSO avoids prison for concealing data breach
2023-05-05 10:35

Joe Sullivan, the former Uber CSO who has been convicted last year for attempting to cover up a data breach Uber suffered in 2016 and kept it hidden from the Federal Trade Commission, has been sentenced to three years of probation plus 200 hours of community service. Sullivan became Chief Security Officer at Uber in April 2015, and in November 2016 testified before the FTC under oath that the company had taken to keep customer data secure following a 2014 data breach.

Ex-Uber CSO gets probation for covering up theft of data on millions of people
2023-05-04 23:20

Joe Sullivan won't serve any serious time behind bars for his role in covering up Uber's 2016 computer security breach and trying to pass off a ransom payment as a bug bounty. A San Francisco judge on Thursday sentenced the app maker's now-former chief security officer to three years of probation plus 200 hours of community service, despite prosecutors' pleas to throw Sullivan in the cooler.

Uber driver info stolen yet again: This time from law firm
2023-04-03 20:27

Uber has had more of its internal data stolen from a third party that suffered a security breach. Uber did not respond to The Register's question about how many of its drivers had their records stolen.

Uber staff info leaks after supplier Teqtivity gets pwned
2022-12-13 22:46

Uber executives said the information leaked was not from the massive breach in September, but from an attack on Teqtivity, a supplier whose software enables enterprises to keep track of their IT assets, such as phones and computers, and performs work for Uber. According to a statement from Teqtivity, an attacker gained access to a company backup server hosted by Amazon Web Services that stored code and data files related to Teqtivity's customers, such as Uber.

Uber suffers new data breach after attack on vendor, info leaked online
2022-12-12 18:30

Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity incident. Early Saturday morning, a threat actor named 'UberLeaks' began leaking data allegedly stolen from Uber and Uber Eats on a hacking forum known for publishing data breaches.