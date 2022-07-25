Uber admits covering up 2016 hacking, avoids prosecution

By on
Uber admits covering up 2016 hacking, avoids prosecution

In US settlement.

Uber Technologies has accepted responsibility for covering up a 2016 data breach that affected 57 million passengers and drivers, as part of a settlement with US prosecutors to avoid criminal charges.

In entering a non-prosecution agreement, Uber admitted that its personnel failed to report the November 2016 hacking to the US Federal Trade Commission, even though the agency had been investigating the ride-sharing company's data security.

US Attorney Stephanie Hinds in San Francisco said Uber waited about a year to report the breach, after installing new executive leadership who "established a strong tone from the top" regarding ethics and compliance.

Hinds said the decision not to criminally charge Uber reflected new management's prompt investigation and disclosures, and Uber's 2018 agreement with the FTC to maintain a comprehensive privacy program for 20 years.

The San Francisco-based company is also cooperating with the prosecution of a former security chief, Joseph Sullivan, over his alleged role in concealing the hacking.

Uber did not immediately respond to requests for comment.

Sullivan was originally indicted in September 2020. Prosecutors said Sullivan arranged to pay the hackers US$100,000 (A$144,300) in bitcoin and have them sign nondisclosure agreements that falsely stated they had not stolen data.

Uber had a bounty program designed to reward security researchers who report flaws, but not to cover up data thefts.

In September 2018, Uber paid US$148 million to settle claims by all 50 US states and Washington, DC, that it was too slow to disclose the hacking.

The non-prosecution agreement was disclosed after US markets closed.

Got a news tip for our journalists? Share it with us anonymously here.
Tags:
hackedsecurityuber

Sponsored Whitepapers

Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can&#8217;t protect what you can&#8217;t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership

Events

Most Read Articles

Microsoft Teams hit by global issue

Microsoft Teams hit by global issue
Heritage Bank ends CISO hunt

Heritage Bank ends CISO hunt
Westpac arms itself for cryptocurrency tilt

Westpac arms itself for cryptocurrency tilt
Home Affairs, ASIC, ACMA leave Global Switch data centre

Home Affairs, ASIC, ACMA leave Global Switch data centre

Digital Nation

Case study: AFL kicks goals with its new digital platform
Case study: AFL kicks goals with its new digital platform
Case Study: Good360 deploys NetSuite, Magento and Salesforce
Case Study: Good360 deploys NetSuite, Magento and Salesforce
Case Study: Multicloud business drivers at MLC Life Insurance
Case Study: Multicloud business drivers at MLC Life Insurance
Case Study: EY invests in AI to improve approach to flexible working
Case Study: EY invests in AI to improve approach to flexible working
Personalisation strategies need to be built from the ground up
Personalisation strategies need to be built from the ground up

Log In

  |  Forgot your password?