A lot happened in cybersecurity over the past week.
The University of Utah paid almost half a million dollars to stop hackers from leaking sensitive student data after a ransomware attack. Two major ATM makers patched flaws that could’ve allowed for fraudulent cash withdrawals from vulnerable ATMs. Grant Schneider, the U.S. federal chief information security officer, is leaving his post after more than three decades in government. And, a new peer-to-peer botnet is spreading like wildfire and infecting millions of machines around the world.
In this week’s column, we look at how Uber’s handling of its 2016 data breach put the company’s former chief security officer in hot water with federal prosecutors. And, what is “vishing” and why should companies take note?
THE BIG PICTURE
Uber’s former security chief charged with data breach cover-up
Joe Sullivan, Uber’s former security chief, was indicted this week by federal prosecutors for allegedly trying to cover up a data breach in 2016 that saw 57 million rider and driver records stolen.
Sullivan paid $100,000 in a “bug bounty” payment to the two hackers, who were also charged with the breach, in exchange for signing a nondisclosure agreement. It wasn’t until a year after the breach that former Uber chief executive Travis Kalanick was forced out and replaced with Dara Khosrowshahi, who fired Sullivan after learning of the cyberattack. Sullivan now serves as Cloudflare’s chief security officer.
The payout itself isn’t the issue, as some had claimed. Prosecutors in San Francisco took issue with how Sullivan allegedly tried to bury the breach, which later resulted in a massive $148 million settlement with the Federal Trade Commission.