UBER’S EX-SECURITY CHIEF SUED FOR CONCEALING DATA BREACH
Uber's former chief security officer has been charged with trying to conceal from federal investigators a 2016 data breach that exposed the information of 57 million users to hackers, Rishi Iyengar reported for CNN Business early on August 21, 2020.
A complaint filed Thursday in the US District Court in San Francisco alleges that Joe Sullivan, who led Uber's security team for more than two years until November 2017, "engaged in a scheme to withhold and conceal" both the hack and the amount of data that was exposed from the US Federal Trade Commission.
The complaint alleges that Sullivan and Uber arranged to pay the hackers $100,000 in exchange for signing a non-disclosure agreement (NDA) about the hack, which falsely stated that they had not accessed or stored any company data. Uber didn't disclose the breach or the payment until late 2017.
"Silicon Valley is not the Wild West," US Attorney David Anderson said in a statement announcing the charges. "We will not tolerate illegal hush money payments." Sullivan, a former Assistant US Attorney, joined Uber in 2015 from Facebook, where he served as chief security officer for more than five years after stints at eBay and PayPal. He is currently the chief security officer of internet infrastructure company CloudFlare.