Uber does not finish getting rid of the hacking it suffered in 2016, but which the world learned about years later. Now, almost 6 years later, the cover-up case of the leak of thousands of personal data of drivers and platform users has a culprit. A formal one, needless to say. Joe Sullivan, who was head of security for Uber at the time of the leakhas been accused of covering up the fact that the data – including names, addresses and telephone numbers – of 57 million passengers and 7 million drivers.
Coinciding with the hangover from the Uber hack a few days ago by the Laps$us group, Sullivan has now been convicted of obstruction of justice by failing to disclose the hack to the FTC and a felony against law enforcement. As anticipated New York Times, this could lead to an 8-year prison sentence.
According to the indictment, which included Uber’s own CEO testifying against his former head of security, the purpose of this cover-up was to maintain the reputation of the position. Sullivan had been hired just a year before the hack with the goal of increasing the company’s security. The fact that such an attack had taken place was an offense against employment history the security manager. One who had gone through similar positions at Facebook or Cloudflare.
The Uber case, the first case against a security manager
It is, in fact, one of the first sentences of its kind against a security chief. This implies a change in the paradigm of the sector. As has been known in the trial, Sullivan would have negotiated with the leaders of the hack a payment of 100,000 dollars in Bitcoins. All after Uber credentials for its Amazon Web Service surfaced in a GitHub repository. Said transfer was known by the then CEO of the company and founder of Uber, Travis Kalanick was aware. Not so much the company’s lawyers and the successor in the direction of the technology company, Dara Khosrowshahi. The latter, in fact, declared at the trial that he “could no longer trust his word as head of security.”
Years later, it was Uber’s new management that forced Sullivan to report the hack, in addition to actively collaborating with the FTC to resolve this and future cases. In addition to paying the corresponding fines for silence in the leak: a total of 148 million dollars.