Uber Technologies Inc. acknowledged a 2016 data breach affecting 57 million passengers and drivers on Friday. This was a settlement with U.S. authorities to avoid criminal prosecution. Prosecutors say a former security chief planned to pay hackers $100,000 in Bitcoin to hide the event.
Uber Technologies Inc. acknowledged on Friday that it concealed a 2016 data breach that affected 57 million passengers and drivers. This acceptance of responsibility came as part of a settlement with U.S. prosecutors in order to avoid criminal charges. According to prosecutors, a former security head had planned to pay $100,000 in Bitcoin to hackers to conceal the incident.
Uber Technologies Inc.’s 2016 data breach & intentional failure to report the security issue
It’s security and privacy issues originally began in 2011 with allegations of parties giving its guests the “God View”. There was a “Creepy Stalker” version of “God View”, which displayed the real-time whereabouts and movements of specific Uber users. An entrepreneur, Peter Sims, discovered that he was portrayed in this version. Being unhappy about the privacy breach, he produced a Medium piece titled “Can We Trust Uber?” that went viral. Eventually, the news reports gave birth to regulatory probes which were then followed by two breaches.
The first breach happened in 2014, when an intruder had somehow accessed Uber driver data. In 2016, Uber suffered a second, greater data leak. However, it didn’t disclose the 2016 hack to users or authorities. This was despite the fact that it happened while the firm was under investigation for the first breach and “God View” events.
In response to the hack that occurred in 2016, former Chief Security Officer Joseph Sullivan devised a plan to withhold and conceal from the Federal Trade Commission. He concealed both the hack itself and the fact that the data breach had resulted in the hackers obtaining millions of records associated with Uber’s users and drivers.
When did the company report the 2016 hacking?
In the process of entering into a non-prosecution agreement, Uber admitted that its personnel failed to report the hacking that occurred in November 2016 to the United States Federal Trade Commission. This was despite the fact that the agency was investigating the ride-sharing company’s data security at the time.
The United States Attorney for the Northern District of California, Stephanie Hinds, stated that the company waited about a year to report the breach. It only reported the incident after appointing new executive leadership who “established a strong tone from the top” regarding ethics and compliance.
How did Uber escape criminal charges?
Hinds stated that the decision to not bring criminal charges against Uber was a reflection of the prompt inquiry and disclosures made by the new management. Another reason was Uber’s 2018 commitment with the FTC to maintain a thorough privacy program for the next 20 years.
Additionally, the corporation, which has its headquarters in San Francisco, is helping with the prosecution of a former security chief. The security chief named Joseph Sullivan is now under trial for the alleged role he played in covering up the hacking. Requests for response were made to Uber Technologies Inc., but they did not answer immediately. However, they finally agreed to aid the prosecution in Joseph Sullivan’s trial.
Uber agrees to help in trial against former security head Joseph Sullivan
The initial indictment against Joseph Sullivan was handed down in the September of 2020. According to the prosecution, Sullivan agreed to pay the hackers a total of one hundred thousand dollars in Bitcoin. He also had them sign non-disclosure agreements that wrongly stated that they had not stolen any data. Sullivan is now being charged with conspiring to commit wire fraud.
The company ran a bounty program with the intention of rewarding security researchers who brought to light flaws in the company’s software. But this scheme was not intended to hide data breaches.
In September of 2018, Uber settled charges that it had been too sluggish to reveal the hacking. The company did so by paying a total of $148 million to all 50 states in the United States as well as the District of Columbia.
Did this prosecution incident affect Uber’s share price?
On Friday, Uber stock finished the day with a loss of 93 cents, trading at $23.30. After the closing bell in the U. S. markets, the non-prosecution agreement was made public.
Whether or not this acknowledgement of responsibility for hacking cover up by Uber affected its share price will now be revealed when share markets open up on Monday. But it is evident that the company’s new leadership is committed to improving security and ensuring the users’ safety & privacy.
Read more: Uber adds new safety feature “emergency assistance”