In an unusual case, a former chief security officer for Uber Technologies was criminally accused on Thursday of trying to cover up a 2016 hack that exposed personal information of about 57 million of the ride-hailing company's customers and drivers.
The Justice Department accused Joseph Sullivan, 52, of criminal obstruction of justice, saying he "took deliberate steps" to keep the Federal Trade Commission from learning of the hack while the agency was examining Uber's security in the wake of a previous break-in.
The case was believed to be the first time an official information security officer has been accused of hiding a hack.
Sullivan, himself a former federal prosecutor, ordered that the hackers be paid $100,000 under Uber's program to reward security researchers who report bugs. That amount was by far the most that Uber had paid through the bounty program, which was not intended to cover theft of sensitive data.
A former head of security at Facebook, Sullivan now works as chief information security officer at Cloudflare.
In previous interviews, security personnel said the Uber payout was intended to force the hackers to openly accept the money and to ensure that the data, in particular driver's license information about Uber contractors, was destroyed.
The complaint states that Sullivan had the hackers sign non-disclosure agreements that falsely stated they did not steal any data. It claims that then-CEO Travis Kalanick was aware of Sullivan's actions.
A Kalanick spokeswoman declined to comment. A Sullivan spokesman said he had worked with his colleagues on the case and that matters of disclosure had been decided by the legal department.
“If not for the efforts of Mr Sullivan and his team, it is likely that the individuals responsible for this incident would never have been identified,” spokesman Brad Williams said.
Kalanick's successor as CEO, current Uber boss Dara Khosrowshahi, disclosed the payment, then fired Sullivan and a deputy after learning the extent of the breach. Uber then paid $148 million to settle claims by all 50 U.S. states and Washington, DC that it had been too slow to disclose the hack.
The Uber case will resonate for the growing number of companies dealing directly with hackers.
Many have bounty programs like Uber’s, which are widely seen as a tool to improve security and provide an incentive for hackers to stay within the law. But some participants do not play by the rules.
In the Uber case, the FBI noted, the two main hackers went on to attack other companies, something the agency said could have been prevented if Sullivan had first gone to law enforcement. Both have pleaded guilty and are awaiting sentencing.
The case also suggests that companies that pay hackers to get rid of ransomware, malicious programs that encrypt their files, are not exempt from reporting the loss of sensitive personal information.