Uber CSO punished for lies about data breach 

Josh Klasco Blog

Cybersecurity compromises don’t just hurt the company, they could also have not only civil but criminal ramifications for those responsible for letting them happen — especially if they try to cover them up. 

A recent article from Reuters broke the story about Uber’s attempt to hide a data breach.  

Turns out Uber suffered a massive cyber attack that no one knew about.  That’s because Uber’s former Chief Security Officer, Joseph Sullivan, kept the whole thing under wraps. Sullivan feared that Uber’s stock would plummet if people found out that they’d been hacked, so he decided to sweep the affair under the rug.  

He paid the hackers $100K in bitcoin and had them sign a non-disclosure agreement (who knows why he thought a group of criminals would honor an NDA). Recently, this whole saga came to light, and now Sullivan has been found guilty of obstruction of justice and deliberate concealment of a felony. 

Did Sullivan act alone in this decision? Probably not. Even though he was a senior executive, it’s hard to imagine that the decision to pay a ransom to a bunch of hackers was made without any other C-suite execs (not to mention the CEO) knowing about it. In fact, we could even assume that a seasoned CISO like Sullivan tried to report the attack and was blocked by other executives who were worried about what that would do to their stock. Regardless, you can be sure that anybody who knew anything will deny any knowledge — pinning the whole thing on Sullivan. 

This is bad news for Sullivan. Calling this just a career killer would be like calling Mount Everest just a mountain. Sullivan’s robust tapestry of lies is not only undermining his legacy and credibility but also sending him to prison for quite some time.  

It’s not too late once you’ve been hacked, but it may be once the bad actors decide to do something about it, like hold you up for ransomware. That’s why detection is so important. An ounce of detection is worth a pound of remediation. Sign up for free lifetime detection, so you can see what ails you at no charge or disruption to your present cyber defense posture.

Want to learn more?