A former Uber chief security officer has been charged in the US with allegedly covering up the massive 2016 hack that hit the ride-hailing platform involving over 57 million drivers and customers.
According to a report in SC Media, the federal prosecutors charged Joe Sullivan who is accused of arranging to “pay the hackers $100,000 as if it was a bug bounty rather than an extortion demand”.
“Silicon Valley is not the Wild West,” US Attorney David L. Anderson told the mediapersons on Thursday.
“We expect good corporate citizenship. We will not tolerate corporate cover-ups. We will not tolerate illegal hush money payments,” Anderson was quoted as saying in the report.
By disguising the nature of the payment to hackers, Sullivan allegedly concealed the breach from authorities and deceived Uber management before Dara Khosrowshahi took over as the new CEO.
A spokesperson for Sullivan described the case as having “no merit”.
The ride-hailing platform Uber disclosed that two hackers “inappropriately accessed” in 2016 names, email addresses and phone numbers of 57 million customers and drivers, and the license numbers of around 600,000 drivers.
This information included names, email addresses and mobile phone numbers.
“Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded,” Khosrowshahi posted.
Uber in 2018 agreed to pay about $5.79 million to drivers and passengers in Washington State for failing to notify them of possible leak of their personal information.
The company also apologised to its 156,000 users in Brazil, whose personal information was leaked in a major data breach in 2016.
If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]