"Uber Settles 2016 Hacking Case With DoJ"

Uber has recently settled with the US Department of Justice (DoJ) over its cover-up of a November 2016 data breach.  Uber has agreed to help the DoJ prosecute its former chief security officer Joseph Sullivan in exchange for escaping prosecution itself.  The settlement stems from a data breach in 2016 that exposed 57 million users' data, including passengers and drivers.  The cybercriminals accessed a private source code repository and stole an access key, using it to steal the data.   The company reportedly agreed to pay off the perpetrators in addition to concealing the breach from the Federal Trade Commission (FTC), which was already investigating its security practices at the time.  In November 2017, after the departure of former CEO Travis Kalanick and new CEO Dara Khosrowshahi at the helm, Uber informed the FTC and fired Sullivan.  In 2018, Uber settled with the Commission, agreeing to maintain a privacy program that included external audits.  It also settled litigation with all 50 states, paying $148m.  The DoJ took criminal action against Sullivan in August 2020 for obstruction of justice and concealing a felony. The DoJ issued new charges in December 2021 for wire fraud and for failing to warn Uber drivers that their driver's licenses had been exposed. Uber has already been cooperating with this prosecution and will continue under the terms of the latest settlement. The company has agreed to provide any material and witnesses to help the DoJ prosecute Sullivan.

Infosecurity reports: "Uber Settles 2016 Hacking Case With DoJ"