Former Uber director of security Joe Sullivan was convicted by a US jury of illegally covering up the theft of personal information from drivers and platform users. The truth came about in 2016, when the U.S. Federal Trade Commission (FTC) investigated a previous breach and the executive chose to keep the other secret. With data from 57 million people.
Sullivan was fired by the FTC in 2014 during an investigation into an attack on the shipping company’s online systems. Ten days after deposition, received an email from a cybercriminal announcing that he had found another vulnerability in the system and demanding a ransom payment of $100,000.
In order not to worsen your situation and that of the company, Sullivan chose to keep this new data leak confidential., and redirected hackers to Uber’s bug bounty program, paying a tenth of the amount and treating them as white hats. The company kept the secret until 2017, when new CEO Dara Khosrowshahi decided to disclose it.
How was the Uber CSO trial?
While there is no federal law in the US that requires companies or executives to disclose violations of their systems to regulators, some states require that such data thefts be reported. if disclosure of personal data has taken place and depending on the number of citizens affected.
When Khosrowshahi took over as chairman of the board, he fired Sullivan and Craig Clark, who also knew of the 2016 violation. Attorney Clark made a deal with federal prosecutors and was granted immunity. in exchange for testifying against the former NGO.
During the closing discussions, U.S. Deputy Attorney General Benjamin Kingsley pointed out that Sullivan took many steps to hide the entire FTC plot. He concluded: “This was deliberate withholding and concealment.”
Source: Tec Mundo
