AP

Former Uber security chief guilty of data breach coverup

Oct 5, 2022, 8:02 PM | Updated: Oct 7, 2022, 2:25 am

SAN FRANCISCO (AP) — The former chief security officer for Uber was convicted Wednesday of trying to cover up a 2016 data breach in which hackers accessed tens of millions of customer records from the ride-hailing service.

A federal jury in San Francisco convicted Joseph Sullivan of obstructing justice and concealing knowledge that a federal felony had been committed, federal prosecutors said.

Sullivan remains free on bond pending sentencing and could face a total of eight years in prison on the two charges when he is sentenced, prosecutors said.

“Technology companies in the Northern District of California collect and store vast amounts of data from users,” U.S. Attorney Stephanie M. Hinds said in a statement. “We will not tolerate concealment of important information from the public by corporate executives more interested in protecting their reputation and that of their employers than in protecting users.”

It was believed to be the first criminal prosecution of a company executive over a data breach.

A lawyer for Sullivan, David Angeli, took issue with the verdict.

“Mr. Sullivan’s sole focus — in this incident and throughout his distinguished career — has been ensuring the safety of people’s personal data on the internet,” Angeli told the New York Times.

An email to Uber seeking comment on the conviction wasn’t immediately returned.

Sullivan was hired as Uber’s chief security officer in 2015. In November 2016, Sullivan was emailed by hackers, and employees quickly confirmed that they had stolen records on about 57 million users and also 600,000 driver’s license numbers, prosecutors said.

After learning of the breach, Sullivan began a scheme to hide it from the public and the Federal Trade Commission, which had been investigating a smaller 2014 hack, authorities said.

According to the U.S. attorney’s office, Sullivan told subordinates that “the story outside of the security group was to be that ‘this investigation does not exist,'” and arranged to pay the hackers $100,000 in bitcoin in exchange for them signing non-disclosure agreements promising not to reveal the hack. He also never mentioned the breach to Uber lawyers who were involved with the FTC’s inquiry, prosecutors said.

“Sullivan orchestrated these acts despite knowing that the hackers were hacking and extorting other companies as well as Uber,” the U.S. attorney’s office said.

Uber’s new management began investigating the breach in the fall of 2017. Despite Sullivan lying to the new chief executive officer and others, the truth was uncovered and the breach was made public, prosecutors said.

Sullivan was fired along with Craig Clark, an Uber lawyer he had told about the breach. Clark was given immunity by prosecutors and testified against Sullivan.

No other Uber executives were charged in the case.

The hackers pleaded guilty in 2019 to computer fraud conspiracy charges and are awaiting sentencing.

Sullivan was convicted of of obstruction of proceedings of the Federal Trade Commission and misprision of felony, meaning concealing knowledge of a felony from authorities.

Meanwhile, some experts have questioned how much cybersecurity has improved at Uber since the breach.

The company announced last month that all its services were operational following what security professionals called a major data breach, claiming there was no evidence the hacker got access to sensitive user data.

The lone hacker apparently gained access posing as a colleague, tricking an Uber employee into surrendering their credentials. Screenshots the hacker shared with security researchers indicate they obtained full access to the cloud-based systems where Uber stores sensitive customer and financial data.

It is not known how much data the hacker stole or how long they were inside Uber’s network. There was no indication they destroyed data.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

AP

Several hundred students and pro-Palestinian supporters rally at the intersection of Grove and Coll...

Associated Press

Pro-Palestinian protests sweep US college campuses following mass arrests at Columbia

Columbia canceled in-person classes, dozens of protesters were arrested at New York University and Yale, and the gates to Harvard Yard were closed to the public Monday.

19 hours ago

Ban on sleeping outdoors under consideration in Supreme Court...

Associated Press

With homelessness on the rise, the Supreme Court weighs bans on sleeping outdoors

The Supreme Court is wrestling with major questions about the growing issue of homelessness as it considers a ban on sleeping outdoors.

20 hours ago

Arizona judge declares mistrial in case of rancher who shot migrant...

Associated Press

Arizona judge declares mistrial in the case of a rancher accused of fatally shooting a migrant

An Arizona judge declared a mistrial in the case of rancher accused of killing a Mexican man on his property near the U.S.-Mexico border.

21 hours ago

Donald Trump appears in court for opening statements in his criminal trial for allegedly covering u...

Associated Press

Trump tried to ‘corrupt’ the 2016 election, prosecutor alleges as hush money trial gets underway

Donald Trump's criminal trial in New York over alleged hush money payments started with opening statements on Monday.

1 day ago

This satellite image from Planet Labs PBC shows Iran's nuclear site in Isfahan, Iran, April 4, 2024...

Associated Press

Israel, Iran play down apparent Israeli strike. The muted responses could calm tensions — for now

Israel and Iran are both playing down an apparent Israeli airstrike near a major air base and nuclear site in central Iran.

4 days ago

Speaker of the House Mike Johnson, R-La., talks to reporters just after lawmakers pushed a $95 bill...

Associated Press

Ukraine, Israel aid advances in rare House vote as Democrats help Republicans push it forward

The House pushed ahead Friday on a foreign aid package of $95 billion for Ukraine, Israel, Taiwan and other sources of humanitarian support.

4 days ago

Sponsored Articles

...

Condor Airlines

Condor Airlines can get you smoothly from Phoenix to Frankfurt on new A330-900neo airplane

Adventure Awaits! And there's no better way to experience the vacation of your dreams than traveling with Condor Airlines.

...

DESERT INSTITUTE FOR SPINE CARE

Desert Institute for Spine Care is the place for weekend warriors to fix their back pain

Spring has sprung and nothing is better than March in Arizona. The temperatures are perfect and with the beautiful weather, Arizona has become a hotbed for hikers, runners, golfers, pickleball players and all types of weekend warriors.

...

Collins Comfort Masters

Avoid a potential emergency and get your home’s heating and furnace safety checked

With the weather getting colder throughout the Valley, the best time to make sure your heating is all up to date is now. 

Former Uber security chief guilty of data breach coverup