Former Uber CSO Charged Over Alleged Breach Cover-Up

A former Uber CSO has been charged with obstruction of justice after allegedly concealing the facts of a major 2016 breach of the firm from law enforcement, regulators and senior management.

Joseph Sullivan, 52, of Palo Alto, was the car hire giant’s security supremo from April 2015 to November 2017.

The criminal complaint against him, filed in a federal court on Thursday, alleges that he failed to inform the FTC about the compromise of personally identifiable information (PII) on 57 million customers and drivers.

Ironically, he apparently received an email from the hacker informing him of the breach just 10 days after having completed testimony to the regulator about a previous 2014 breach.

Instead of coming clean, Sullivan is alleged to have paid the cyber-criminals $100,000 in Bitcoin through a bug bounty program and forced them to sign an NDA claiming falsely that no data was taken or stored.

The indictment claimed that Uber personnel were able to discover the identities of two of the attackers, whose real names were placed on the NDA.

The Department of Justice complaint said that in August 2017, Sullivan briefed Uber’s new CEO, Dara Khosrowshahi, about the incident via email, editing the summary prepared by his team. It apparently stated falsely that payment had been made only after the hackers had been identified and also removed details about the type of data taken.

Sullivan now faces one count of obstruction of justice, carrying a five-year maximum term, and one count of misprision of a felony, which could land him three years. The latter offense is one in which an individual fails to inform the authorities of a ..

Support the originator by clicking the read the rest link below.