SAN FRANCISCO – A federal jury convicted Joseph Sullivan, the former Chief Security Officer of Uber Technologies, Inc. (“Uber”), of obstruction of proceedings of the Federal Trade Commission (“FTC”) and misprision of felony in connection with his attempted cover-up of a 2016 hack of Uber. The announcement was made by United States Attorney Stephanie M. Hinds and FBI San Francisco Special Agent in Charge Robert K. Tripp following a four week trial before the Hon.

“Technology companies in the Northern District of California collect and store vast amounts of data from users,” said U.S. “We expect those companies to protect that data and to alert customers and appropriate authorities when such data is stolen by hackers. Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission and took steps to prevent the hackers from being caught. We will not tolerate concealment of important information from the public by corporate executives more interested in protecting their reputation and that of their employers than in protecting users. Where such conduct violates the federal law, it will be prosecuted.”

“The message in today’s guilty verdict is clear: companies storing their customers’ data have a responsibility to protect that data and do the right thing when breaches occur,” said FBI Special Agent In Charge Tripp. “The FBI and our government partners will not allow rogue technology company executives to put American consumers’ personal information at risk for their own gain.”

The circumstances regarding Sullivan’s violations of the law involve two separate hacks of Uber’s databases, one in 2014 and another in 2016. The evidence at trial established that Sullivan was hired as Uber’s Chief Security Officer (“CSO”) in April 2015. At that time, Uber had recently disclosed to the FTC that it had been the victim of a data breach in 2014 (“2014 Data Breach”) and that the breach related to the unauthorized access of approximately 50,000 consumers’ personal information, including their names and driver’s license numbers.

In the wake of that disclosure, the FTC’s Division of Privacy and Identity Protection embarked on an investigation of Uber's data security program and practices. In May 2015, the month after Sullivan was hired, the FTC served a detailed Civil Investigative Demand on Uber, which demanded both extensive information about any other instances of unauthorized access to user personal information, and information regarding Uber’s broader data security program and practices.

The evidence at trial demonstrated that Sullivan, in his new role as CSO, played a central role in Uber's response to the FTC. Specifically, Sullivan supervised Uber’s responses to the FTC’s questions, participated in a presentation to the FTC in March 2016, and testified under oath, at length, to the FTC on November 4, 2016, regarding Uber’s data security practices. Sullivan’s testimony included specific representations about steps he claimed Uber had taken to keep customer data secure.

Exactly ten days after his FTC testimony, Sullivan learned that Uber had been hacked again. The hackers reached out to Sullivan directly, via email, on November 14, 2016. The hackers informed Sullivan and others at Uber that they had stolen a significant amount of Uber user data, and they demanded a large ransom payment from Uber in exchange for their deletion of that data. Employees working for Sullivan quickly verified the accuracy of these claims and the massive theft of user data, which included records on approximately 57 million Uber users and 600,000 driver license numbers.

The evidence demonstrated that, shortly after learning the extent of the 2016 breach and rather than reporting it to the FTC, any other authorities, or Uber’s users, Sullivan executed a scheme to prevent any knowledge of the breach from reaching the FTC.