Jury Found Former Uber Security Chief Guilty of Mishandling a Data Breach Back in 2016
In early October, a jury found Joe Sullivan guilty of obstructing an active FTC investigation and concealing a data breach that ended up affecting 57 million Uber users.
SAN FRANCISCO, California, October 25 – Earlier this month, a federal jury found Joe Sullivan guilty of covering up a wide scale data breach. While serving as Uber’s head of security back in 2016, Sullivan allegedly tried to conceal a massive security breach, thereby obstructing justice and committing a felony in the process. The conviction came after a month-long trial, during which several relevant parties–including Uber’s CEO Dara Khosrowshahi–testified against Sullivan.
According to Axios, the conviction is worrisome for chief information security officers across the board, who now fear they could become the scapegoat following a cyberattack. The outcome of the trial doesn’t necessarily establish that precedent, however, because Sullivan appeared to knowingly commit wrongdoing in the wake of the incident.
After hackers infiltrated Uber’s system and stole the personally identifiable information of 50 million riders and 7 million drivers, Sullivan failed to disclose it. The malicious actors proceeded to demand $100,000 in exchange for destroying the stolen data, which Sullivan agreed to pay out of Uber’s pocket in the form of Bitcoin. He spun a different story, however, to sweep the incident under the rug and claimed the hackers’ demand was a bug bounty and that they all signed non-disclosure agreements.
Of course, companies that gather personally identifiable information have an obligation to protect it and to alert customers–and the appropriate authorities–if it’s ever compromised. Instead, Sullivan actively tried to hide the breach from the Federal Trade Commission and then took steps to keep the hackers from being caught. Uber disclosed the incident roughly one year after it occurred and fired Sullivan that same month. They have also invested in additional cybersecurity services to prevent similar breaches in the future.
About NOYNIM IT Solutions
If you own or operate a company that compiles personally identifiable information, you need to take steps to protect it. Thankfully, NOYNIM IT Solutions can help. We provide total IT support for small and medium-sized businesses that don’t have the resources to maintain an IT department in-house. Our Denver IT services include tailored cybersecurity strategies for keeping our clients’ networks secure. To discuss your needs with a knowledgeable member of our team, reach out on our Contact Page or call (720) 524-8616.