- The Washington Times - Saturday, December 2, 2017

Three senior managers within Uber’s security team resigned Friday hardly a week after its newly appointed CEO disclosed a 2016 data breach that compromised the personal information of 57 million customers.

The three Uber employees who resigned Friday and a fourth who started a three-month medical leave represent a fraction of the hundreds who make up the ride-share company’s security team, but most of the people who reported directly to Joe Sullivan, the former chief security officer who was recently fired for his role in responding to the newly revealed data breach, Reuters reported.

The employees who resigned Friday include Mr. Sullivan’s chief of staff, Pooja Ashok, as well as senior security engineer Prithvi Rai and Jeff Jones, a team member who handled physical security, an Uber spokesperson told Reuters. Ms. Ashok and Mr. Jones plan to stay with Uber until January, the spokesperson said.

Mat Henley, Uber’s head of Global Threat Operations, began a three-month medical leave, a separate source told Reuters.

The outgoing security officials complained of emotional and physical stress from the past year at Uber in emails related to their departures, the source added.

None of the individuals immediately responded to requests for comment, the report said.

Hackers breached a third-party server used by Uber in October 2016 and accessed the names, email addresses and other data associated with 57 million users in the U.S and abroad, the company’s recently appointed chief executive revealed for the first time last week.

Uber “subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed,” CEO Dara Khosrowshahi said Nov. 21. Multiple reports have since indicated that Uber paid the hackers $100,000 to keep the incident under wraps, and both the breach and Uber’s response are currently being revealed by federal regulators as well as attorneys general in several states.

Mr. Khosrowshahi said he became aware of the incident after becoming Uber’s CEO in August and consequently terminated Mr. Sullivan and his senior deputy, Uber’s legal director of security and law enforcement, Craig Clark.

“None of this should have happened, and I will not make excuses for it,” Mr. Khosrowshahi said in the disclosure last month. “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes. We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”

On Thursday, meanwhile, Democrats on the Senate Commerce Committee revived a data-breach notification bill that carries prison time for executives caught concealing security incidents like the one suffered by Uber.

“We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers,” Sen. Bill Nelson of Florida, the author of the Data Security and Breach Notification Act, said in a statement.

Sign up for Daily Newsletters

Manage Newsletters

Copyright © 2019 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.


Click to Read More and View Comments

Click to Hide