Uber‘s former Chief Security Officer (CSO), Joseph Sullivan, was charged with covering up a 2016 data breach that compromised the personal information of 57 million drivers and users. Rather than report the breach to the Federal Trade Commission (FTC), which was investigating an earlier hack at the company from 2014, Sullivan instead arranged to pay the hackers $100,000 in Bitcoin, according to a statement Thursday from U.S. Attorney David L. Anderson in San Francisco.
Sullivan was charged with obstruction of justice and failing to report his knowledge of a felony. It is scary to think of how many other breaches or hacks there may have been, not only at Uber while Sullivan was in charge, but in general, that have not been reported. It is incredibly doubtful that Joe Sullivan is the only person in the data privacy industry to attempt to quiet and bribe hackers or hide blatant violations of consumer trust and privacy. Think of how many data breaches and lawsuits have come out this year alone because of CCPA and other state data privacy legislations, and now imagine how many companies have most likely been able to sweep these issues under the rug without their consumers or the media noticing.
A lot of times, hackers are not worried about the principle or morality of the situation, they just want to get paid. You would hope the CSO would take a different moral approach than the hackers, but Sullivan shows at the end of the day the privacy field is very new and still very fresh. Thankfully, now there are more laws in place like the CCPA to bring transparency to the data collection industry.
Sullivan joined Uber in 2015 and has an extensive history in data privacy and security. He not only served as CSO at Uber, but also had the same role at Facebook in 2008. Sullivan was contacted by one of the hackers, which he didn’t communicate to the FTC, and sought to pay off the hackers through a bounty program that rewards “white hat” hackers who let a company know about security flaws without stealing data. The problem is that these two hackers took personal information and private data from over 57 million Uber users and drivers. That data is highly sensitive because Uber most likely has tracking software in place that monitors your every movement, due to the popularity of the app and users’ security.
You can take back control of your data. Download the Loginhood Chrome extension to block third party data trackers and cookie stealers. In under three clicks, you can retake responsibility over your data and help prevent your data from being stolen in the next massive data breach. You can also decide who to share your data with and get compensated for it.
Many of us are currently uncomfortable with data privacy because it often feels like we have little say in the process and no assurances that our information is being protected. In this new era of data privacy, Loginhood brings total transparency to consumers and businesses and does it in a transformative way.