Former Uber security chief guilty of data breach coverup

Oct 5, 2022, 8:02 PM | Updated: Oct 7, 2022, 2:25 am

FILE - An Uber sign is displayed at the company's headquarters in San Francisco, Monday, Sept. 12, 2022. Joseph Sullivan, the former chief security officer for Uber, was convicted Wednesday, Oct. 5 of trying to cover up a 2016 data breach in which hackers accessed tens of millions of customer records from the ride-hailing service. (AP Photo/Jeff Chiu, File)

SAN FRANCISCO (AP) — The former chief security officer for Uber was convicted Wednesday of trying to cover up a 2016 data breach in which hackers accessed tens of millions of customer records from the ride-hailing service.

A federal jury in San Francisco convicted Joseph Sullivan of obstructing justice and concealing knowledge that a federal felony had been committed, federal prosecutors said.

Sullivan remains free on bond pending sentencing and could face a total of eight years in prison on the two charges when he is sentenced, prosecutors said.

“Technology companies in the Northern District of California collect and store vast amounts of data from users,” U.S. Attorney Stephanie M. Hinds said in a statement. “We will not tolerate concealment of important information from the public by corporate executives more interested in protecting their reputation and that of their employers than in protecting users.”

It was believed to be the first criminal prosecution of a company executive over a data breach.

A lawyer for Sullivan, David Angeli, took issue with the verdict.

“Mr. Sullivan’s sole focus — in this incident and throughout his distinguished career — has been ensuring the safety of people’s personal data on the internet,” Angeli told the New York Times.

An email to Uber seeking comment on the conviction wasn’t immediately returned.

Sullivan was hired as Uber’s chief security officer in 2015. In November 2016, Sullivan was emailed by hackers, and employees quickly confirmed that they had stolen records on about 57 million users and also 600,000 driver’s license numbers, prosecutors said.

After learning of the breach, Sullivan began a scheme to hide it from the public and the Federal Trade Commission, which had been investigating a smaller 2014 hack, authorities said.

According to the U.S. attorney’s office, Sullivan told subordinates that “the story outside of the security group was to be that ‘this investigation does not exist,’” and arranged to pay the hackers $100,000 in bitcoin in exchange for them signing non-disclosure agreements promising not to reveal the hack. He also never mentioned the breach to Uber lawyers who were involved with the FTC’s inquiry, prosecutors said.

“Sullivan orchestrated these acts despite knowing that the hackers were hacking and extorting other companies as well as Uber,” the U.S. attorney’s office said.

Uber’s new management began investigating the breach in the fall of 2017. Despite Sullivan lying to the new chief executive officer and others, the truth was uncovered and the breach was made public, prosecutors said.

Sullivan was fired along with Craig Clark, an Uber lawyer he had told about the breach. Clark was given immunity by prosecutors and testified against Sullivan.

No other Uber executives were charged in the case.

The hackers pleaded guilty in 2019 to computer fraud conspiracy charges and are awaiting sentencing.

Sullivan was convicted of obstruction of proceedings of the Federal Trade Commission and misprision of felony, meaning concealing knowledge of a felony from authorities.

Meanwhile, some experts have questioned how much cybersecurity has improved at Uber since the breach.

The company announced last month that all its services were operational following what security professionals called a major data breach, claiming there was no evidence the hacker got access to sensitive user data.

The lone hacker apparently gained access posing as a colleague, tricking an Uber employee into surrendering their credentials. Screenshots the hacker shared with security researchers indicate they obtained full access to the cloud-based systems where Uber stores sensitive customer and financial data.

It is not known how much data the hacker stole or how long they were inside Uber’s network. There was no indication they destroyed data.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
