| Translate This News In |
|---|
According to US media reports, a jury found Uber’s former security chief guilty of federal crimes on Wednesday for covering up a massive hack that compromised the personal information of users and drivers. According to news outlets, Joseph Sullivan was found guilty of obstructing the work of the Federal Trade Commission and failing to notify authorities about a crime when he hid a 2016 hack instead of reporting it.
Sullivan could face a prison sentence. According to the criminal complaint, Sullivan attempted to pay off the hackers by funneling money through a “bug bounty” program that rewards developers for revealing security vulnerabilities without causing harm.
According to prosecutors, Uber paid the hackers $100,000 in bitcoin cryptocurrency in December 2016, and Sullivan wanted them to sign non-disclosure agreements promising to keep quiet about the affair.
From April 2015 to November 2017, Sullivan served as Uber’s chief security officer.
According to the criminal complaint, Sullivan misled Uber’s new CEO Dara Khosrowshahi, who was appointed in mid-2017 to replace Travis Kalanick, about the breach.
“Corporate cover-ups will not be tolerated. Illegal hush money payments will not be tolerated.”
According to Khosrowshahi, the San Francisco-based company let go of two members of the Uber information security team who “led the response,” which included not informing users about the data breach. According to the company’s CEO, outsiders broke into a cloud-based server used by Uber for data and downloaded a significant amount of information. According to Uber, stolen files contained the names, email addresses, and mobile phone numbers of millions of riders, as well as the names and driver’s license information of approximately 600,000 drivers.
According to an AFP source, co-founder and ousted CEO Kalanick was informed of the breach shortly after it was discovered, but it was not made public until Khosrowshahi learned of it.
Uber did not respond to an inquiry about the verdict.
“It’s a significant precedent that has already sent shockwaves through the CISO (chief information security officer) community,” said Casey Ellis, founder and CTO of Bugcrowd, a San Francisco-based leader in crowd-sourced cybersecurity.
