Home » Former Uber CSO faces eight years of imprisonment for hiding hack from law enforcement

Former Uber CSO faces eight years of imprisonment for hiding hack from law enforcement

by Exploit One
0 comment

In conjunction with the attempt to hide the breach Uber experienced in 2016, Joe Sullivan, the former Chief Security Officer (CSO) of Uber, was found guilty of hindrance of the Federal Trade Commission’s investigation and misprision of crime. People in the cybersecurity world, notably those holding the CSO and CISO (Chief Information Security Officer) positions, have been keenly following the trial.

This Uber verdict really is going to destroy CISO positions. If one can brief legal, obtain approval by the CEO, & still be hung out to dry for response actions that a hundred other firms have likely taken with far less structural cover, then there can’t be enough $$ to sign on
— JD Work (@HostileSpectrum) October 5, 2022

In April 2015, Sullivan was appointed as Uber’s Chief Security Officer. In 2014 Uber had only just informed the FTC that it had had a data breach. Following that disclosure, Uber’s data security procedures and practices were subject to an inquiry by the FTC’s Division of Privacy and Identity Protection. May 2015, one month following Sullivan’s hiring. In his sworn testimony before the FTC on November 4, 2016, Sullivan outlined the actions Uber had taken to protect data.

Ten days after Sullivan’s FTC testimony, he discovered that Uber had been compromised once more. On November 14, 2016, Sullivan received an email from the cybercriminals. Informing Sullivan and other Uber employees that they had acquired a sizable amount of customer data, the cybercriminals sought a sizable ransom from Uber in order to have the data deleted.

The proof showed that soon after becoming aware of the scope of the 2016 breach, Sullivan implemented a plan to keep the FTC from knowing about it, instead of informing the FTC, other law enforcement agencies, or Uber’s users.

Sullivan then made arrangements to pay the hackers in return for their signing non-disclosure agreements, which featured the false assurance that the hackers did not extract or save any data in their hack and contained the hackers’ vow not to disclose the intrusion to anybody.

The two hackers, Brandon Charles Glover and Vasile Mereacrein, were charged in 2019 and entered guilty pleas; however, sentences have not yet been handed out. In Sullivan’s trial, the latter recently provided testimony.

A federal jury convicted Sullivan guilty, and he now faces up to eight years in imprisonment for the two offenses. Sullivan claimed throughout the trial that he forgot to notify the breach to the FTC because the decision on when the breach should be revealed was made by Uber’s legal department. However, only Sullivan has been charged thus far in relation to this event and the subsequent cover-up.

The post Former Uber CSO faces eight years of imprisonment for hiding hack from law enforcement appeared first on Cyber Security News Exploit One

You may also like

Leave a Comment

CyberNonStop

Cybernonstop is created to bring news and knowledge through articles to visitors.

Do not forget to subscribe.

Laest News

@2021 – All Right Reserved. Designed and Developed by PenciDesign