Uber's former CSO charged over hush money to hackers

Cover up of massive 2016 data breach alleged.

US federal authorities have pressed charges against the former chief security officer of transportation company Uber, Joseph Sullivan, alleging he made illegal hush money payments to hackers who stole sensitive personal information in 2016.

Uber initially did not disclose the 2016 data breach that saw Canadian Vasile Mereacre and Floridian Brandon Glover access and download a database stored on Amazon Web Services, using an engineer's credentials accidentally left on the open source repository GitHub.

The two were arrested and pleaded guilty in October 2019, not just to the Uber hack but also to other attacks on tech companies that followed their successful data breach of the ridesharing company and ensuing payout.

Sensitive personal information for around 57 million Uber customers and drivers was stored in the database, and it included the drivers' licence numbers of approximately 600,000 people.

US prosecutors now allege that the hackers emailed Sullivan in November 2016 to tell him that Uber had been breached.

Uber confirmed the breach but rather than report it to the Federal Trade Commission, the then CSO tried to hide the event and arrange payments to the hackers, prosecutors allege.

Sullivan sought to pay the hackers through a bug bounty program normally aimed at security researchers who ethically disclose flaws and vulnerabilities to Uber.

The former CSO is also alleged to have falsified a report on the hack and the US$100,000 payment in Bitcoin prepared for incoming chief executive Dara Khosrowshahi in 2017.

If found guilty, Sullivan faces a maximum penalty in prison.

Copyright © iTnews.com.au . All rights reserved.