Uber’s Ex-CSO Accused Of A Cover Up

Uber's former Chief Security Officer (CSO)  Joseph Sullivan has been charged with obstruction of justice and stands  accused of trying to cover up a data breach in 2016 that exposed the details of 57 million Uber drivers and passengers. 

The company has previously admitted to paying a group of hackers a $100,000 (£75,000) ransom to delete the data they had stolen. A criminal complaint has also been filed against Sullivan preventing justice being done regarding hiding the hacking attack Uber Technology suffered.

In addition to hiding the attack, he is charged with  intentionally preventing information about the attack  from reaching the US Federal Trade Commission (FTC). The payment was disguised as a "bug bounty" reward, used to pay cyber-security researchers who disclose vulnerabilities so they can be fixed. The charges allege that he asked the hackers to sign non-disclosure agreements, falsely stating they had not stolen any Uber data.

Mr Sullivan was subsequently fired form his job at Uber in 2017 when the data breach was finally revealed. 

Mr Sullivan denies the charges and is currently employed as chief information security officer at leading cybersecurity firm Cloudflare. The current CEO of Uber,  Dara Khosrowshahi disclosed the data breach in 2017 after taking over from his controversial predecessor, Travis Kalanick, who is no longer connected with Uber.

The the company eventually paid $148m to settle legal claims by all 50 US states and Washington DC.

It was stated that Sullivan, who worked as a security manager at Uber between 2015 and 2017, was secretly contacted by hackers via e-mail, and the attackers were informed that Sullivan issued the payment. It was reported that the hackers had access to information belonging to 57 million Uber users and employees, including the driver’s license numbers of 600 thousand people. It is alleged that Sullivan knowingly and willingly tried to hide all these events from the Federal Trade Commission.

Many large companies have open bug bounty schemes that invite hackers, under strict conditions, to test their computer systems for flaws. If they find one, they get paid and the company can fix it without needing to alert the authorities.

US Dept. of Justice:          Forbes:        Bloomberg:         BBC:     SOMAG News:

You Might Also Read:

How Can Boardrooms Effectively Manage Cyber Risk?:
 

 

« Will It Be The US That Breaks Up The Internet?
Facebook, Instagram, Twitter & YouTube Have All Become Search Engines »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT GRC Forum

IT GRC Forum

The IT GRC Forum is an online resource and networking platform for the Governance, Risk Management, and Compliance (GRC) community

Cyber Security Centre - University of Hertfordshire

Cyber Security Centre - University of Hertfordshire

The Cyber Security Centre provides training, teaching and research in the fast paced topics of cyber security and digital forensics.

Alan Boswell Group

Alan Boswell Group

We are a Group of Companies providing specialist Insurance Broking and Risk Management advice and services including Cyber Risk cover.

Rhebo

Rhebo

Rhebo Industrial Protector monitors and ensures the continuous, correct, and predictable operation of real-time Industrial Control Systems to prevent outages and reduce downtimes.

Sothis

Sothis

Sothis is an information technology services company offering a range of solutions including cybersecurity, managed security services, information governance and compliance.

oneM2M

oneM2M

oneM2M is a global organization creating a scalable and interoperable standard for communications of devices and services used in M2M applications and the Internet of Things.

CryptoCurrency Certification Consortium (C4)

CryptoCurrency Certification Consortium (C4)

The CryptoCurrency Certification Consortium is a non-profit organization that provides certifications to professionals who perform cryptocurrency-related services.

Safe Systems

Safe Systems

Safe Systems provide compliance centric IT services for community banks and credit unions, ensuring that they are kept up to date on current technologies, security risks, and regulatory changes.

Silicon Labs

Silicon Labs

Silicon Labs are a leader in secure, intelligent wireless technology for a more connected world. We provide award-winning hardware and software security to help safeguard connected devices.

Stripe OLT

Stripe OLT

At Stripe OLT, we provide complete business technology solutions - Our team has an unrivalled reputation as a Microsoft Gold Partner, specialising in secure, cloud-first technology.

TopSOC Information Security

TopSOC Information Security

TopSOC Information Security provide a wide range of security consultation, implementation and training services.

Green Enterprise Solutions

Green Enterprise Solutions

Green Enterprise Solutions are a Namibian company providing Information and Communication Technology (ICT) services to corporate Namibia.

Onum

Onum

Onum helps security and IT leaders focus on the data that's most important. Gain control of your data by cutting through the noise for deep insights in real time.

Rapifuzz

Rapifuzz

At Rapifuzz, our goal is to help organizations test and secure their APIs enabling trust, innovation and Seamless Secured Digital Experiences.

Precision Cybertechnologies & Digital Solutions (Precision-Cyber)

Precision Cybertechnologies & Digital Solutions (Precision-Cyber)

Precision-Cyber was founded on the philosophy of state-of-the-art cybersecurity and digital solutions. Our guiding principle is simply that we will provide and secure all your digital needs.

SpectrumWise

SpectrumWise

SpectrumWise is a business technology specialist that provides Managed Services and Managed Security for small and medium IT Networks.

Black Belt Secure

Black Belt Secure

We provide critical cybersecurity services such as managed security, ransomware mitigation, penetration testing, system auditing and compliance services to your organization.

Pango

Pango

Pango is a leading provider of digital consumer security solutions.