Uber’s former security chief found guilty of breaching data
On Wednesday, Uber’s former chief security officer was found guilty of covering up a 2016 data breach in which hackers gained access to tens of millions of customer records.
Federal prosecutors stated that a federal jury in San Francisco convicted Joseph Sullivan of obstructing justice and concealing knowledge of a federal crime.
Considered the first criminal case involving a business executive for handling a data breach, the lawsuit was closely followed in cybersecurity circles.
Joe Sullivan, sacked in 2017 for the incident, was found guilty by a San Francisco jury on Tuesday of obstructing a Federal Trade Commission investigation.
At the time of the breach in 2016, the regulator was investigating the car reservation service for another cybersecurity flaw that had occurred two years earlier.
Prosecutors said Sullivan had taken steps to ensure that the data compromised during the attack would not be disclosed.
According to court documents, two hackers approached Sullivan’s team to notify Uber of a security flaw that revealed the personal information of nearly 60 million drivers and motorcyclists on the platform.
The hackers, one of whom testified at the trial, rejected the company’s offer of $ 10,000 – the maximum payout under Uber’s “bug bounty” policy designed to encourage private disclosure of security breaches – and threatened to release the data if a higher paid cost has not been applied.