Security Chief Covered Up Uber Data Breach Affecting 57 M Users

The Uber logo

The former chief security officer for Uber has been convicted of attempting to cover up a major 2016 data breach in which hackers accessed nearly 57 million user records and sensitive information.

According to a report in The Daily Mail, a federal jury in San Francisco convicted Joseph Sullivan of obstructing justice and concealing knowledge that a federal felony had been committed following the Uber data breach, prosecutors said. Sullivan could face a total of eight years in prison on the two charges at the time of his sentencing.

Massive Cover-Up of Uber Data Breach Alleged

Prosecutors said that while tech companies collect and store a vast amount of data from consumers, they will “not tolerate concealment of important information from the public by corporate executives more interested in protecting their reputation and that of their employers than in protecting users.” This is believed to be the first criminal prosecution of a company executive over a data breach.

In November 2016, Sullivan was emailed by hackers and employees quickly confirmed that they had stolen sensitive information involving 57 million users. They also accessed 600,000 driver’s license numbers, prosecutors said. After finding out about this massive data breach, Sullivan hatched a scheme to hide it from the public and the Federal Trade Commission (FTC), which had been investigating a smaller 2014 hack.

Uber arranged to pay the hackers $100,000 in bitcoin in exchange for them signing non-disclosure agreements promising not to reveal the hack. Sullivan also did not mention the Uber data breach to company lawyers who were involved with the FTC’s inquiry.

Questions Remain About Uber’s Cybersecurity

Meanwhile, there was another major data breach at Uber last month where a lone hacker apparently gained access posing as a colleague tricking an Uber employee into surrendering their credentials. The company has claimed there was no evidence this hacker got access to any sensitive user data.

But this has experts questioning whether Uber’s cybersecurity has gotten any better. Screenshots the hacker shared with security researchers indicate they got full access to the cloud-based systems where Uber stores sensitive customer and financial data. It is still unknown how much data the hacker stole or how long they were inside the company’s network.

Red Flags that Your Information Has Been Compromised

In such an environment where data breaches are so common, it is important to be able to identify red flags when your information has been compromised. Here are some indicators:

  • Charges to a credit card or bank account that you have not authorized.
  • Collection notices or calls about a debt you don’t owe.
  • Errors on your credit report including inquiries from businesses you don’t recognize.
  • Being denied credit, even though you know you have good credit.
  • You have issues filing your tax return.
  • You receive mail for an unknown credit card or store charge account.

Responsibility of Businesses and Corporations

As more and more systems get computerized, hacks such as this Uber data breach have become extremely common. They could happen in any industry, be it banking, restaurants, hotels, healthcare, or rideshare. However, they should not be common. Companies are required to take every step possible to protect the valuable information of their employees, customers, and others who entrust such information to them believing that it will be safe.

They are required to have safety protocols to protect sensitive consumer information. However, even these large corporations don’t make the necessary investments to safeguard precious user information. When such data breaches occur, they could have devastating consequences for consumers. The damages could span anywhere from the loss of a few hundred dollars to financial ruin.

How Can You Protect Yourself?

If you believe your information has been compromised in a data breach, here are a few steps you can take to protect yourself:

  • Check with the website of the company or agency that was breached for the latest information. See if they have a helpline or hotline to answer your questions.
  • Consider putting a credit freeze or fraud alert on your credit reports with the three major credit-reporting agencies. This will prevent anyone from accessing your credit report or scores. This means you cannot apply for new credit without lifting the freeze. This is a very important step to protect yourself.
  • Be sure to monitor your credit cards, statements and bank accounts for any unauthorized activity. If your bank has a service that sends out text alerts when there is a suspicious transaction on your account, be sure to sign up for that service.
  • Be wary of scammers who may pose as a retailer, bank, or credit card company. Phishing emails may attempt to fool you into providing your personal information. Do not fall into the trap.
  • Create complex passwords. Use different passwords for each account and be sure to change your passwords if a company you’ve interacted with gets hacked.
  • Use multi-factor authentication when it is available. This allows access only after two or more pieces of authentication are presented. Typically, it’s a password and a code that is sent to the user by phone, text, or email at the time of logging in.
  • Shop with a credit card whenever possible. You may have less liability for fraudulent credit card charges as opposed to a debit card.

How a California Class Action Lawyer Can Help

If you have suffered losses as a result of the data breach, contact an experienced California class action lawyer to obtain more information about pursuing your legal rights. You need to take the necessary steps to protect yourself. An experienced lawyer will help you understand what is at stake after a data breach and what legal remedies are available to you.

FREE Case Evalution

Our staff will evaluate your case submission and respond in a timely manner.

California Personal Injury Blog