Uber's former security head Joseph Sullivan charged with attempt to cover-up of data hack

Uber's former chief security officer Joseph Sullivan has been charged in the US for trying to cover up a data breach that occurred back in 2016 and left the information of 57 million drivers and passengers vulnerable.

Sullivan has been charged with obstruction of justice. It has also been revealed that pertaining to that data breach, Uber paid the alleged hackers $100,000 in an effort to get them to delete the data they had stolen.

Attempted cover-up of data breach

As per a press release from the United States Attorney’s Office in California, Sullivan is accused of trying to cover up the 2016 data breach. He has been accused of taking deliberate steps “to conceal, deflect, and mislead the Federal Trade Commission”. The database that was hacked contained the license plate numbers of as many as 600,000 Uber drivers.

US Attorney David Anderson who is handling the case has said the 'Silicon Valley is not the Wild West' and added that the country expects good corporate citizenship. He said, "We expect prompt reporting of criminal conduct. We expect cooperation with our investigations. We will not tolerate corporate cover-ups. We will not tolerate illegal hush-money payments.”

Read: EU Regulators Discuss Twitter Data Breach Penalty With Irish Authorities

FBI Deputy Special Agent in Charge Craig Fair stated that Sullivan’s actions were a crime and an example of a corporation's prolonged attempts to subvert law enforcement. He hoped that this case will make other corporations take notice and release that they gain nothing by helping hackers cover their tracks and making things worse for their customers.

Back in 2017, Sullivan was fired once the data breach was made public and he currently works as a chief information security officer at cyber-security firm Cloudflare. Sullivan’s spokesperson has denied the allegations levelled against him. The two hackers responsible for the 2016 data breach have already been identified and plead guilty on October 30 of last year, both of them currently await sentencing.

Read: California Judge's Order Prevents Uber And Lyft From Classifying Drivers As Contractors

EU probes Twitter data breach

Meanwhile, European Union privacy regulators are still amidst discussions regarding the penalty to be issued to social media giant Twitter by Ireland’s data privacy watchdog for a data breach. The case comes under the ambit of EU’s tough new data privacy law and its conclusion has long been awaited. The new privacy laws were introduced in 2018 and allow for tough fines on technology companies.

The case in question is regarding a security breach that affected Twitter’s Android app users by allowing anyone to access protected tweets of those app users. The data breach is reported to have lasted for four years and the Irish regulator had lodged a case against Twitter for its failure to report the data breach within 72 hours.

Read: Uber Lost $1.8B In 2Q As Riders Stayed Home And Ordered In

Read: From Uber To Prison: The Downfall Of Ex-Google Engineer Anthony Levandowski