- 칼럼 | AI 에이전트, 지금까지의 어떤 기술과도 다르다
- The $23 Echo Dot deal is a great deal to upgrade your smart home this Black Friday
- Amazon's Echo Spot smart alarm clock is almost half off this Black Friday
- The newest Echo Show 8 just hit its lowest price ever for Black Friday
- 기술 기업 노리는 북한의 가짜 IT 인력 캠페인··· 데이터 탈취도 주의해야
Uber’s Former Security Chief Convicted of 2016 Data Breach Cover-Up
Uber’s former chief security officer was convicted of federal charges for illegally covering up the theft of Uber drivers’ and customers’ personal information in 2016.
Joe Sullivan was originally charged in 2020 with obstruction of justice and misprision. He was convicted on both counts on Wednesday October 5, 2022.
The news comes five years after Uber CEO Dara Khosrowshahi issued a statement acknowledging that in late 2016, hackers had broken into the ride-hailing giant’s infrastructure and stolen 57 million customer and driver records.
At the time, Sullivan and Craig Clark, legal director of security and law enforcement, were consequently fired as a result.
A year later, in 2017, court documents showed Sullivan had learned of the theft in November 2016 but tried to cover up that theft by trying to disguise the ransom payment made to the threat actors to recover the data as a bug bounty award.
“In years gone by, companies would attempt to cover up their data breaches in the thought that this would impact the business less,” Jake Moore, global cybersecurity advisor at ESET, tells Infosecurity Magazine.
“However, with data thefts growing in huge swathes across all industries along with the introduction of GDPR, it is now far more noble to own up to a breach and offer support and help to those affected in a timely manner.”
According to the executive, time is of the essence in a data breach where private information has been stolen, so customers must be alerted immediately.
“It is now even mildly expected that a company will be attacked and potentially have a data leak; therefore, it is more interesting to monitor how a company owns up to a breach and handles the aftermath of the breach.”
Sullivan’s conviction comes weeks after Uber was compromised again. This time, the tech giant blamed the Lapsus$ group for the breach.