As part of a settlement with the US Department of Justice to avoid criminal prosecution, Uber confessed to concealing a large cybersecurity incident that occurred in October 2016, exposing the sensitive data of 57 million customers and drivers.
Trial Starts Five Years After Uber Massive Data Leak
The Verge reported that after discovering the breach a year after it occurred, Uber CEO Dara Khosrowshahi and his team informed the public, drivers, and government authorities that hackers had obtained access to the names, email addresses, and phone numbers of up to 57 million Uber users and drivers as well as the driver's license numbers of 600,000 US Uber drivers.
At the time, Joe Sullivan, Uber's chief security officer, was fired after discovering that he was complicit in the cover-up. Later, Sullivan was charged with obstruction of justice for attempting to conceal a data breach from the FTC and the Uber management. His case is set to go to trial this week at a California court.
Read Also: Uber Eats' Nationwide Shipping Now Available From Merchants in Los Angeles, Miami, and New York
Back in July, Uber and federal prosecutors reached a non-prosecution agreement to end a criminal investigation into the company's 2016 cover-up of a large data breach.
The agreement also mentions that Uber paid $148 million and agreed to implement a corporate integrity program, specific data security safeguards, incident response, and data breach notification plans, as well as biennial assessments in order to resolve civil litigation with the attorneys general for all 50 States and the District of Columbia regarding the 2016 data breach.
In a Dec. 2021 press release, Acting US Attorney Stephanie M. Hinds tells the public, "Institutions that store personal information of others must comply with the law."
Acting US Attorney Hinds adds, "When hacks like this occur, state law requires notice to victims. Federal law also requires truthful answers to official government inquiries. The indictment alleges that Sullivan failed to do either."
As a result of investigations, state justice officials assert that Sullivan fabricated records to avoid the duty to notify victims and concealed a significant data breach from the FTC to benefit his company.
Joe Sullivan Faces Criminal Charges Over Data Breach Cover up
Former Uber security officer, Joe Sullivan, is set to face trial this week after an investigation pointed him as the 2016 breach cover-up mastermind. The Guardian tells us that this is thought to be the first case in which a company executive has faced the possibility of criminal prosecution for a purported data breach. Sullivan has pleaded not guilty to the charges.
According to officials, Sullivan should have informed the government of the breach immediately rather than misleading it by withholding information. If so, the FBI may have offered assistance to Uber and averted this significant data breach.
FBI reminds companies that it is most reasonable to " work with the FBI when dealing with the aftermath of a breach; such communication is a best practice in preventing the loss of data and private information."
Related Article: Uber and Lyft Drop Face Mask Requirements on Ride Sharing, As Per CDC
