SAN FRANCISCO (AP) — The former chief protection officer for Uber was convicted Wednesday of striving to cover up a 2016 data breach in which hackers accessed tens of tens of millions of purchaser documents from the journey-hailing company.
A federal jury in San Francisco convicted Joseph Sullivan of obstructing justice and concealing awareness that a federal felony had been committed, federal prosecutors said.
Sullivan stays totally free on bond pending sentencing and could experience a whole of 8 yrs in prison on the two charges when he is sentenced, prosecutors explained.
“Technology companies in the Northern District of California gather and store wide quantities of facts from people,” U.S. Lawyer Stephanie M. Hinds mentioned in a statement. “We will not tolerate concealment of significant details from the community by company executives additional interested in shielding their status and that of their companies than in guarding end users.”
Sullivan was employed as Uber’s main protection officer in 2015. In November 2016, Sullivan was emailed by hackers, and workforce swiftly verified that they experienced stolen documents on about 57 million customers and also 600,000 driver’s license numbers, prosecutors explained.
Soon after studying of the breach, Sullivan began a plan to hide it from the community and the Federal Trade Fee, which experienced been investigating a smaller sized 2014 hack, authorities explained.
According to the U.S. attorney’s place of work, Sullivan informed subordinates that “the story exterior of the safety group was to be that ‘this investigation does not exist,’” and arranged to shell out the hackers $100,000 in bitcoin in trade for them signing non-disclosure agreements promising not to expose the hack. He also never described the breach to Uber attorneys who had been involved with the FTC’s inquiry, prosecutors said.
“Sullivan orchestrated these acts despite knowing that the hackers were being hacking and extorting other organizations as very well as Uber,” the U.S. lawyer’s business office stated.
Uber’s new management commenced investigating the breach in the slide of 2017. Even with Sullivan lying to the main govt officer and many others, the truth was uncovered and the breach was made public, prosecutors said.
Sullivan was fired. The hackers pleaded responsible in 2019 to laptop fraud conspiracy costs and are awaiting sentencing.
An e mail to Uber seeking comment on the conviction wasn’t right away returned.
Some specialists have questioned how a lot cybersecurity has improved at Uber due to the fact the breach.
The firm introduced last thirty day period that all its products and services have been operational following what stability pros termed a significant facts breach, claiming there was no proof the hacker got entry to sensitive person data.
The lone hacker seemingly gained access posing as a colleague, tricking an Uber staff into surrendering their credentials. Screenshots the hacker shared with safety researchers show they attained whole accessibility to the cloud-centered devices the place Uber stores delicate consumer and economic facts.
It is not regarded how a lot facts the hacker stole or how long they were inside of Uber’s community. There was no indication they wrecked info.
The Affiliated Press