Former Uber security chief convicted for concealing hack
Uber`s former leader protection officer, Joseph Sullivan, has been sentenced to a few years' probation for his function in overlaying up a cyber-assault at the ride-hailing corporation. The assault befell in November 2016 while hackers got entry to fifty-seven million information of Uber customers, together with names and speak to numbers. Sullivan changed into being responsible for paying the hackers $100,000 in exchange for signing non-disclosure agreements to hold the hack a mystery from authorities.
In addition to his probation, Sullivan has been ordered to pay a $50,000 first-rate and carry out 2 hundred hours of network service. Prosecutors at first sought a 15-month jail sentence for Sullivan. However, the choice confirmed leniency, pointing out that he changed into contemplating the reality that this changed into the primary case of its type and that Sullivan's man or woman changed into an issue in his decision.
The hack changed into a determination when the hackers emailed Sullivan and informed him that that they'd stolen a huge quantity of facts and demanded a ransom. Sullivan showed that facts, together with information of fifty-seven million Uber customers and 600,000 using license numbers, have been stolen. He organized for the hackers to be paid $100,000 in exchange for his or her silence.
The price changed into being disguised as a "malicious program bounty," that's a praise paid to cybersecurity researchers who divulge vulnerabilities in order that they may be fixed. However, the hackers have been, in the end, charged with conspiracy in 2019 and pleaded responsible.
Sullivan changed to additionally responsible for obstructing research with the aid of using the Federal Trade Commission (FTC). The FTC did research into the breach. However, Sullivan failed to reveal the price paid to the hackers. This brought about the obstruction charge.
The case has highlighted the significance of cybersecurity and the desire for businesses to be obvious approximately any facts breaches. It has additionally brought about expanded scrutiny of malicious program bounty programs, which have been criticized for being a way for businesses to keep away from taking obligation for fact breaches.
Overall, the case serves as a caution to businesses that they want to take cybersecurity significantly and be obvious approximately any breaches that occur. Failure to accomplish that can bring about critical results for each of the corporation and its executives.