Date: 2022-10-06

Uber's former security chief has been convicted of covering up a massive 2016 hack, according to reports

According to US media reports, a jury on Wednesday found Uber's former security chief guilty of federal crimes for concealing a significant hack that exposed the personal information of customers and drivers.

Joseph Sullivan was found guilty of impeding the operation of the Federal Trade Commission and of neglecting to notify authorities of a crime, for concealing a hack in 2016 rather than reporting it, according to news sources. Sullivan might receive a prison term.

According to the federal complaint, Sullivan attempted to pay off the hackers by channelling money through a "bug bounty" programme that compensates engineers for disclosing security vulnerabilities without causing any harm.

Uber paid the hackers $100,000 in bitcoin in December 2016, and according to the prosecution, Sullivan demanded that they sign non-disclosure agreements pledging to stay quiet about the arrangement.

From April 2015 to November 2017, Sullivan served as Uber's chief security officer.

According to the criminal complaint, Sullivan misled Uber's new CEO Dara Khosrowshahi, who was chosen to succeed Travis Kalanick and was appointed in the middle of 2017.

When the charges were announced, US Attorney David Anderson for the Northern District of California remarked in a statement, "Silicon Valley is not the Wild West."

"We will not tolerate corporate cover-ups. We will not tolerate illegal hush money payments."

According to Khosrowshahi, two employees of the Uber information security team who "led the response"—which included delaying notifying users of the data breach—were fired from the San Francisco-based business.

The head of Uber claimed to have found that unauthorised individuals broke into a cloud server utilised by the business for data storage and downloaded a sizable amount of data.

According to Uber, stolen files contained the names, email addresses, and cell phone numbers of millions of passengers as well as the names and licence details of about 600,000 drivers.

According to an AFP source, co-founder and former CEO Kalanick was informed of the breach soon after it was uncovered, but it wasn't made public until Khosrowshahi became aware of the event.

A request to Uber for comment on the decision went unanswered.

"It's a significant precedent that has already sent shockwaves through the CISO (chief information security officer) community," said Casey Ellis, founder and CTO of Bugcrowd, a pioneer in crowd-sourced cybersecurity based in San Francisco.

"It highlights the personal liability involved in being a CISO in a dynamic policy, legal, and attacker environment."

(With inputs from Agencies)