Uber’s former chief security officer convicted of 2016 data breach

San Francisco: The former chief security officer of Uber was convicted Wednesday of covering up a 2016 data breach in which hackers gained access to tens of millions of customer data from the ride-hailing service. A federal jury in San Francisco convicted Joseph Sullivan of obstruction of justice and withholding knowledge that a federal crime had been committed, federal prosecutors said. Sullivan remains out on bail pending sentencing and could face a total of eight years in prison on the two charges if convicted, prosecutors said.

“Tech companies in the Northern District of California collect and store massive amounts of user data,” US attorney Stephanie M. Hinds said in a statement. “We will not tolerate important information being hidden from the public by business leaders who are more interested in protecting their reputation and that of their employers than protecting users.”

It would be the first criminal prosecution of a company director for a data breach. A lawyer for Sullivan, David Angeli, disagreed with the verdict. “Mr. Sullivan’s sole focus in this incident and throughout his distinguished career has been to ensure the security of people’s data on the Internet,” Angeli told the New York Times.

Also read: 73 websites hacked every day in India, 2021 saw the highest cyberattacks in four years

An email to Uber requesting comment on the conviction was not immediately returned. Sullivan was hired as Uber’s Chief Security Officer in 2015. In November 2016, Sullivan received an email from hackers, and employees quickly confirmed they had stolen data from about 57 million users and also 600,000 driver’s license numbers, prosecutors said.

After learning of the breach, Sullivan embarked on a plan to hide it from the public and the Federal Trade Commission, which had been investigating a smaller 2014 hack, authorities said.

According to the US attorney’s office, Sullivan told subordinates that “the story outside the security group would be that this investigation does not exist,” and arranged to pay the hackers $100,000 in bitcoin in exchange for signing nondisclosure agreements that promised not to. reveal the hack. He also never mentioned the breach to Uber attorneys involved in the FTC’s investigation, prosecutors said.

Also read: OMG! An 18-year-old boy hacks into Uber, employees think someone is joking

“Sullivan orchestrated these acts despite knowing that the hackers were hacking and extorting other companies and Uber,” the US attorney’s office said. Uber’s new management began investigating the breach in the fall of 2017. Despite Sullivan lying to the new chief executive officer and others, the truth was discovered and the breach made public, prosecutors said.

Sullivan was fired along with Craig Clark, an Uber attorney he told about the breach. Clark was granted immunity from prosecutors and testified against Sullivan.

No other Uber executives were charged in the case. The hackers pleaded guilty to conspiracy to commit computer fraud in 2019 and are awaiting sentencing. Sullivan was convicted of obstructing Federal Trade Commission proceedings and of a misdemeanor, which involves concealing knowledge of a crime.

Meanwhile, some experts have questioned how much cybersecurity at Uber has improved since the breach. The company announced last month that all of its services were operational after what security professionals called a major data breach, claiming there was no evidence the hacker was gaining access to sensitive user data.

The lone hacker gained access by impersonating a colleague and tricking an Uber employee into handing in their credentials. Screenshots the hacker shared with security researchers indicate that they gained full access to the cloud-based systems where Uber stores sensitive customer and financial data. It is not known how much data the hacker stole or how long they were in Uber’s network.

Source link
Zee News

Leave a Reply

Your email address will not be published. Required fields are marked *

Previous post EAM Jaishankar holds talks with New Zealand counterpart on the conflict in Indo-Pacific, Ukraine
Next post Indian Railways: IRCTC now offers online medical tourism services! How do you book?