Explainer · file D06 · 60 seconds

Uber 2016 — first CISO convicted criminally

01 / 08 · Setup

2016: 57M RECORDS LEAKED.

customer + driver data

02 / 08 · Tension

THEY TOLD ? NO ONE.

a year of silence

03 / 08 · Reveal

JOE SULLIVAN

Uber CISO · paid hackers $100k as a "bug bounty"

04 / 08 · Mechanism

breach → extortion → cover-up as "bug bounty"

Hackers

Uber AWS extract

05 / 08 · Scale

57M RECORDS. ONE YEAR OF SILENCE.

Oct 2016 breach Nov 2017 disclosure Oct 2022 conviction

600k

driver license numbers

$100k

paid to hackers

148M

USD 50-state settlement

06 / 08 · Disclosure

NOVEMBER 2017

Dara Khosrowshahi

new CEO · discloses

Bloomberg

first report

FTC

consent decree

new CEO after Kalanick's departure

07 / 08 · Precedent

FIRST

CISO criminally convicted for hiding a breach · Oct 2022

Joe Sullivan guilty. Federal felony. Precedent: hiding a breach is a crime, not a workplace culture.

08 / 08

JOE SULLIVAN

A data breach is no shame. Hiding a breach is a crime. Sullivan — first CISO convicted.
File D06 in Big Tech Files.

00:00
01:00