Uber ousts in-house counsel who suppressed information about 2016 data breach
An in-house attorney for Uber is no longer with the company after it was discovered that he’d helped suppress news of a data breach, the Recorder has reported.
Attorney Craig Clark and his direct supervisor, Uber chief security officer Joe Sullivan, were ousted for concealing an October 2016 breach. Bloomberg reported that the two not only ignored legal requirements to report the breach, but paid the hackers $100,000 to delete the compromised data and keep the hack under wraps.
The ride-hailing company announced the breach Tuesday in a blog post by new CEO Dara Khosrowshahi, who said he’d only recently learned of it, and that the two people who led the response “have left the company.” Sullivan, a former federal prosecutor, was asked to resign while Clark was fired, the Recorder reported.
“None of this should have happened, and I will not make excuses for it,” Khosrowshahi wrote. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”
Bloomberg says the hackers breached a private page on GitHub, a website programmers use to collaborate and share their work. Using login credentials taken from there, they accessed remotely stored Uber data, then contacted the company demanding money.
The company says the hack affected 50 million riders and 7 million drivers. Names and contact information as well as the license numbers of 600,000 drivers were taken. The company said it was providing credit monitoring for those drivers, monitoring all affected accounts and notifying all affected users, as well as the regulatory agencies it should have notified in 2016.
Within hours of the disclosure, Uber users filed a proposed class-action lawsuit in Los Angeles federal court, Bloomberg reported separately. No penalties from regulatory agencies were reported. However, the office of New York Attorney General Eric Schneiderman said Tuesday that it would launch an investigation. His office fined Uber in January of 2016 for failure to disclose a prior data breach.
The news is another blow during a difficult year for Uber. The company’s founder and CEO, Travis Kalanick, was ousted by major investors in June over a series of controversial public statements or behaviors. The federal government has at least five open investigations into the company, including one into whether Uber intentionally blocked the accounts of local regulators posing as customers. At the time of the hack, Uber was negotiating with the Federal Trade Commission over a different consumer privacy matter.
The news came the day before Uber was to add new chief legal officer Tony West, who replaces Salle Yoo.