Residence › Incident Response

Uber Settles With Federal Investigators Over 2016 Information Breach Coverup

By Ionut Arghire on July 25, 2022

Tweet

Uber has entered a non-prosecution settlement to resolve a felony investigation into the style during which the corporate dealt with a 2016 knowledge breach that impacted 57 million customers and drivers.

In November 2017, Uber disclosed that two people had accessed a third-party cloud service containing consumer knowledge, and introduced that two staff in control of main the response to the breach had been now not with the corporate.

In early 2018, Uber CISO John Flynn confirmed throughout a Senate committee listening to that the hackers obtained credentials from a personal GitHub web site after which used them to entry an Amazon Internet Companies (AWS) S3 bucket used for backup functions.

Flynn additionally admitted that, in November 2016, after being contacted by one of many people and confirming the information breach, Uber agreed to pay the hackers $100,000 by way of its HackerOne-based bug bounty program, in an try and hold the incident quiet.

In September 2018, Uber settled with all 50 states and the District of Columbia, agreeing to pay $148 million and to tighten knowledge safety after failing for a 12 months to inform customers and drivers of the information breach.

In 2020, former Uber CSO Joe Sullivan was charged over his function within the knowledge breach cover-up. Sullivan served as Uber CSO between April 2015 and November 2017.

Final week, the US Division of Justice (DoJ) introduced that, as a part of the non-prosecution settlement, Uber “admitted to and accepted duty for the acts of its officers, administrators, staff, and brokers in concealing its 2016 knowledge breach from the Federal Commerce Fee.”

On the time of the breach, the FTC was investigating Uber’s knowledge safety practices, requiring the corporate to supply data on any unauthorized entry to non-public data.

Within the non-prosecution settlement, Uber admitted that it did not report the information breach to the FTC, and that the hackers accessed a personal supply code repository utilizing stolen credentials, from the place they extracted a personal entry key that allowed them to obtain 57 million consumer information, together with 600,000 drivers’ license numbers.

The journey sharing large additionally admitted that the information breach was reported to the FTC just one 12 months later, when the corporate was beneath a brand new govt management.

The settlement notes that the brand new management promptly launched an investigation into the 2016 knowledge breach and disclosed it to the general public and to the related authorities and regulators. In line with the settlement, Uber has since invested considerably in bettering its compliance, authorized, and safety capabilities, and that the corporate has proven full cooperation with the authorities investigating the incident and the cover-up.

Moreover, the settlement additionally notes that, in October 2018, Uber settled with the FTC “to keep up a complete privateness program for 20 years and to report back to the FTC any incident reported to different authorities businesses regarding unauthorized intrusion into people’ client data,” and that it additionally settled civil litigation with the attorneys basic.

Associated: Settlement Curbs Agency’s Facial Recognition Database in US

Associated: Meta Agrees $90 Million Settlement in Fb Privateness Go well with

Associated: Accellion Reaches $8.1 Million Settlement Over FTA Information Breach

Get the Every day Briefing

• Most Current
• Most Learn

• PrestaShop Confirms Zero Day Assaults Hitting eCommerce Servers
• Senators Introduce Bipartisan Quantum Computing Cybersecurity Invoice
• Uber Settles With Federal Investigators Over 2016 Information Breach Coverup
• 1,000 Organizations Uncovered to Distant Assaults by FileWave MDM Vulnerabilities
• Up to date TSA Pipeline Cybersecurity Necessities Provide Extra Flexibility
• Atlassian Expects Confluence App Exploitation After Hardcoded Password Leak
• T-Cell Settles to Pay $350M to Clients in Information Breach
• SonicWall Warns of Important GMS SQL Injection Vulnerability
• Chrome Flaw Exploited by Israeli Spy ware Agency Additionally Impacts Edge, Safari
• Intezer Paperwork Highly effective ‘Lightning Framework’ Linux Malware

In search of Malware in All of the Incorrect Locations?

First Step For The Web’s subsequent 25 years: Including Safety to the DNS

Tattle Story: What Your Pc Says About You

Be in a Place to Act By Cyber Situational Consciousness

Report Exhibits Closely Regulated Industries Letting Social Networking Apps Run Rampant

2010, A Nice Yr To Be a Scammer.

Do not Let DNS be Your Single Level of Failure

Tips on how to Determine Malware in a Blink

Defining and Debating Cyber Warfare

The 5 A’s that Make Cybercrime so Engaging

Tips on how to Defend Towards DDoS Assaults

Safety Budgets Not in Line with Threats

Anycast – Three Causes Why Your DNS Community Ought to Use It

The Evolution of the Prolonged Enterprise: Safety Methods for Ahead Considering Organizations

Utilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise

Orbit Brain

http://orbitbrain.com/

Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy ways
and much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.