After covering up a data breach that affected the personal records of 57 million Uber passengers and drivers, the company’s former chief security officer was found guilty and sentenced by a U.S. federal court.
Former Facebook security chief Joe Sullivan was CSO of ride-sharing company Uber when hackers stole customer and driver names, email addresses and phone numbers in October 2016.
It was later revealed that a careless developer at the company had left login credentials in an Amazon Web Services bucket used by Uber in a GitHub repository.
Hackers contacted Uber and demanded money after stealing data from an AWS bucket.
Sullivan then made a series of highly unusual decisions for the CSO to deal with the data breach.
- He chose not to warn innocent affected individuals that their data had been stolen
- He chose not to tell regulators about the data breach or notify them
Instead, he chose to cover up the hack, arranging for a covert visit with the hacker and paying the hacker $100,000 to sign a nondisclosure agreement that news of the breach would never be made public.
payment to hackers Disguised as a payment from a business bug bounty programin exchange for their silence.
as previously explained security hotprosecutors alleged that the CSO’s ego covered up the security failure to protect his own ego and prevent drivers from fleeing to Uber’s rivals.
Prosecutors claimed that Uber drivers were “cheated” because they continued to share a portion of their fare with the company.
Sullivan, a former federal prosecutor who was named Cloudflare’s CISO after leaving Uber, was warned that he could face several years in prison if convicted.
But last week he was told he would avoid a prison sentence and be sentenced to three years probation.
U.S. Judge William Orrick for the Northern District of California told Sullivan, “If I brought a similar case tomorrow, even if the defendant had the character of Pope Francis, they would be in jail.” “When you go out and talk to your friends or your CISO, the reason you take a break is not because of what you did or who you are, it’s a very unusual one-off.” I tell them that it was because
