As reported by The Verge, Uber’s former security chief has been charged with obstruction of justice for trying to hide a data breach from the Federal Trade Commission and Uber management, according to a statement from the Department of Justice.
Joseph Sullivan, who was Uber’s chief security officer from April 2015 to November 2017, allegedly concealed the hack that occurred in October 2016, which exposed confidential data of 57 million drivers and customers, including drivers’ license information. Uber paid the hackers $100,000 in bitcoin to delete the data, according to the Justice Department. (Sullivan was later fired.)
However tempting it may be to cover up any information security misfortune, doing so will always end up causing even more damage in the long run. Trying to hide a data breach is no easy feat, but assuming cybercriminals will keep to their word or delete the stolen data after a ransom is paid is plainly foolhardy.
Being open about a cyberattack at the earliest opportunity is the most noble way of dealing with this sort of incident. With inevitable daily attacks on businesses of all sizes, attacks are not as damaging to a brand as they once were, due to the relentless attitude criminal hackers now demonstrate. Hopefully this will act as a reminder to other companies not to negotiate with criminals, nor try to conceal any dealings.