Tag: breach
Uber’s Former Security Chief Convicted of Covering Up 2016 Data Breach
A federal jury has convicted Uber’s former security chief of charges related to a 2016 cover-up involving the ride-share giant, according to journalists present in the courtroom.
Former Uber Exec Joe Sullivan Found Guilty of Concealing 2016 Data Breach
Mr. Sullivan was deposed by the F.T.C. as it investigated a 2014 breach of Uber’s online systems. Ten days after the deposition, he received an email from a hacker who claimed to have found another security vulnerability in its systems. Mr. Sullivan learned that the hacker and an accomplice had downloaded the personal data of about 600,000 Uber drivers and additional personal information associated with 57 million riders and drivers, according to court testimony and documents. The hackers pressured Uber to pay them at least $100,000. Mr. Sullivan’s team referred them to Uber’s bug bounty program, a way of paying “white hat” researchers to report security vulnerabilities. The program capped payouts at $10,000, according to court testimony and documents. Mr. Sullivan and his team paid the hackers $100,000 and had them sign a nondisclosure agreement.
During his testimony, one of the hackers, Vasile Mereacre, said he was trying to extort money from Uber. Uber did not publicly disclose the incident or inform the F.T.C. until a new chief executive, Dara Khosrowshahi, joined the company in 2017. The two hackers pleaded guilty to the hack in October 2019. States typically require companies to disclose breaches if hackers download personal data and a certain number of users are affected. There is no federal law requiring companies or executives to reveal breaches to regulators. Federal prosecutors argued that Mr. Sullivan knew that revealing the new hack would extend the F.T.C. investigation and hurt his reputation and that he concealed the hack from the F.T.C.
Mr. Sullivan did not reveal the 2016 hack to Uber’s general counsel, according to court testimonies and documents. He did discuss the breach with another Uber lawyer, Craig Clark. Like Mr. Sullivan, Mr. Clark was fired by Mr. Khosrowshahi after the new Uber chief executive learned about the details of the breach. Mr. Clark was given immunity by federal prosecutors in exchange for testifying against Mr. Sullivan. Mr. Clark testified that Mr. Sullivan told the Uber security team that they needed to keep the breach secret and that Mr. Sullivan changed the nondisclosure agreement signed by the hackers to make it falsely seem that the hack was white-hat research. Mr. Sullivan said he would discuss the breach with Uber’s “A Team” of top executives, according to Mr. Clark’s testimony. He shared the matter with only one member of the A Team: then chief executive Travis Kalanick. Mr. Kalanick approved the $100,000 payment to the hackers, according to court documents. The case is “believed to be the first time a company executive faced criminal prosecution over a hack,” notes the report.
“The way responsibilities are divided up is going to be impacted by this. What’s documented is going to be impacted by this. The way bug bounty programs are designed is going to be impacted by this,” said Chinmayi Sharma, a scholar in residence at the Robert Strauss Center for International Security and Law and a lecturer at the University of Texas at Austin School of Law.
Red Bull found to have only committed a minor breach of £114m spending cap
Irish watchdog sends draft decision in Facebook data breach probe
The draft decision on the Meta investigation has been sent to other EU data authorities, which have one month to review and raise any objections.
Optus: How a massive data breach has exposed Australia
Australia government wants Optus to pay for data breach
Optus, Australia’s second largest telco, says customer data exposed in data breach
Australian telecoms giant Optus said current and former customer data was accessed following a cyberattack on its systems. Optus said in a press release on Thursday that an unspecified number of customer names, dates of birth, phone numbers, email addresses, and addresses and identity document numbers, such as driver’s license or passport numbers, were taken […]
Optus, Australia’s second largest telco, says customer data exposed in data breach by Zack Whittaker originally published on TechCrunch
Daily Crunch: Revolut advises users to take caution after hacker breach triggers phishing campaign
Hello, friends, and welcome to Daily Crunch, bringing you the most important startup, tech and venture capital news in a single package.
Daily Crunch: Revolut advises users to take caution after hacker breach triggers phishing campaign by Christine Hall originally published on TechCrunch