Uber's former security chief charged with covering up 2016 data breach

  • Uber's former security officer Joseph Sullivan has been charged in the US for his role in the company's 2016 data breach involving 57 million drivers and passengers.

    Global ridesharing tech firm Uber suffered a major data breach back 2016 when the details of 57 million Uber drivers and passengers were exposed to hackers. Former security officer Joseph Sullivan was fired in 2017 after details of the data breach became known and the company admitted that they paid the hacker group a £75,000 ransom to delete the stolen data.

    Sullivan is now being charged with obstruction of justice in the US for his part in covering up the incident. All data breaches must be reported to the proper authorities in a timely manner and companies have to comply with all external investigations, and Sullivan is accused of not doing this in his security role at the firm.

    The £75,000 payment made to hackers in the incident was initially claimed to be a "bug bounty" like those paid to security professionals who routinely search for exploits in computer systems and practice responsible disclosure. The payment was sent in bitcoin, however, which is typically done for ransoms paid to hackers.

    The charges filed by the US Department of Justice claim that Sullivan obstructed the US Federal Trade Commission from finding out about the hack, including hiding the payment and asking the hackers to sign non-disclosure agreements stating that they hadn't actually stolen any Uber data.

    The breach was officially declared by Uber's Chief Executive Dara Khosrowshahi in 2017, and the company went on to pay $148m USD to settle legal claims with US states involved. Mr Sullivan, who has denied the charges, now works as Chief Information Security Officer for cyber-security firm Cloudfare, which thwarts threats such as Denial of Service attacks against websites.

    Source: BBC News

    About the author

    Brendan is a Sync NI writer with a special interest in the gaming sector, programming, emerging technology, and physics. To connect with Brendan, feel free to send him an email or follow him on Twitter.

    Got a news-related tip you’d like to see covered on Sync NI? Email the editorial team for our consideration.

Share this story