By: Jillian Stella, December 05, 2017 (05:28 AM)

Uber Prison Time for Concealing a Breach

A new proposed bill ordains that subjects are eligible for jail time if:

  1. They are a company executive, and if;
  2. They hide the breach for over 30 days.

The Chief Security Officer of Uber Technologies, Inc. concealed his company’s breach for over a year.

That is twelve times the amount of time that is allowed if the Data Security and Breach Notification Act is passed.

Essentially, Uber was hacked in 2016 and they concealed it and concealed it until they couldn’t conceal it anymore.

57 million drivers and passengers were exposed – no one was informed.

Uber’s CSO Joe Sullivan, payed off $100k worth of ransomware and then decided “hey, this will hurt us – let’s try and squash all of the evidence” (concealment #1).

And they squashed alright.

Specifically, by tracking the hackers and forcing them to sign NDA agreements (concealment #2).

Ah, and to make matters worse for the transportation company, they fraudulently disclosed the event as if it were just a penetration test run by a fellow bug bounty hunter (concealment #3).

“Nothing to see here, we were just testing our security!” (not hiding the fact that the names, phone numbers and addresses of 50,000 of our drivers were compromised).

Additionally, all of said actions were influenced and carried out under Uber’s Chief Executive Officers supervision.

The Data Security and Breach Notification Act, introduced in 2014, failed to pass because it just didn’t receive the support it needed to pass the vote.

Certainly, had the bill passed, these Uber executives would be facing some uber jail time right about now.

Jillian Stella

Jillian Stella is a recent graduate from the University at Albany where she obtained a Bachelor’s of Science degree in Digital Forensics. Jillian is a Security Analyst and Researcher at Cursive Security where she works with and performs assessment and response services for clients. She is currently conducting research in the area of cyber threat intelligence.

Be Informed. Stay One Step Ahead.

Sign up for our newsletter and stay up to date with the latest industry news, trends, and technologies