U.S. charges former Uber security chief with covering up massive 2016 hacking

By Jonathan Stempel WASHINGTON (Reuters) - A former chief security officer for Uber Technologies was criminally charged on Thursday with trying to cover up a 2016 hacking that exposed personal information of about 57 million of the ride-hailing company's customers and drivers. The U.S. Department of Justice charged Joseph Sullivan, 52, with obstruction, saying he took 'deliberate steps' to keep the Federal Trade Commission from learning about the breach, including by communicating behind-the-scenes with the hackers and lying to keep top Uber executives in the dark.

Reuters August 21, 2020 03:05:09 IST
U.S. charges former Uber security chief with covering up massive 2016 hacking

US charges former Uber security chief with covering up massive 2016 hacking

By Jonathan Stempel

WASHINGTON (Reuters) - A former chief security officer for Uber Technologies was criminally charged on Thursday with trying to cover up a 2016 hacking that exposed personal information of about 57 million of the ride-hailing company's customers and drivers.

The U.S. Department of Justice charged Joseph Sullivan, 52, with obstruction, saying he took "deliberate steps" to keep the Federal Trade Commission from learning about the breach, including by communicating behind-the-scenes with the hackers and lying to keep top Uber executives in the dark.

Efforts to immediately locate a lawyer for Sullivan were unsuccessful.

Uber eventually discovered the hacking and disclosed it in Nov. 2017, the same month Sullivan was fired after 2-1/2 years as chief security officer, according to court papers.

The San Francisco-based company agreed the following September to pay $148 million to settle claims by all 50 U.S. states and Washington, D.C. which said it was slow to reveal the hacking.

Sullivan, of Palo Alto, California, was accused of funneling a payoff to the hackers through Uber's "bug bounty" program, where a third party arranges payments to "white hat hackers" who flag security issues but have not compromised data themselves.

Prosecutors said Uber ended up paying the hackers, who initially sought a six-figure payout, $100,000 in bitcoin in December 2016, then "by far" its largest bug bounty payout, despite their refusal to identify themselves by name.

They also said Sullivan had the hackers sign non-disclosure agreements that falsely stated they had not stolen data.

“Silicon Valley is not the Wild West," U.S. Attorney David Anderson in San Francisco said in a statement. "We will not tolerate corporate cover-ups. We will not tolerate illegal hush money payments."

(Reporting by Jonathan Stempel in New York and Eric Beech in Washington, D.C.; Editing by Mohammad Zargham and Aurora Ellis)

This story has not been edited by Firstpost staff and is generated by auto-feed.

Updated Date:

TAGS:

also read

Pulitzer Prize-winning photojournalist Danish Siddiqui killed in Afghanistan: Politicans, journalists pay tributes
India

Pulitzer Prize-winning photojournalist Danish Siddiqui killed in Afghanistan: Politicans, journalists pay tributes

The Pulitzer prize winner, who was in Kandahar covering operations against Taliban, was killed when he was riding along with the Afghan Special Forces

Indian photojournalist Danish Siddiqui killed during assignment in Afghanistan's Kandahar province
India

Indian photojournalist Danish Siddiqui killed during assignment in Afghanistan's Kandahar province

Siddiqui had also covered the 2020 Delhi riots, COVID-19 pandemic, Nepal earthquake in 2015 and the protests in Hong Kong

Danish Siddiqui's passing is a reminder of the high price one pays for showing the truth
India

Danish Siddiqui's passing is a reminder of the high price one pays for showing the truth

Danish's photographs were not just documentation, but the work of someone who went down to eye-level, as they say in photographic parlance.