Hackers Plead Guilty in Data Breach That Uber Covered Up - NECN

Hackers Plead Guilty in Data Breach That Uber Covered Up

The San Francisco company has previously said it mishandled the data breach



    Uber Agrees to $148M Settlement With States Over Data Breach

    Uber will pay $148 million and tighten data security after the ride-hailing company failed for a year to notify drivers that hackers had stolen their personal information, according to a settlement announced Wednesday. Anoushah Rasta reports. (Published Wednesday, Sept. 26, 2018)

    Two computer hackers have pleaded guilty to concocting an extortion scheme that entangled Uber in a yearlong cover-up of a data breach that stole sensitive information about 57 million of the ride-hailing service's passengers and drivers.

    The pleas entered Wednesday in a San Jose, California, federal court by Brandon Charles Glover and Vasile Mereacre resurrected another unseemly episode in Uber's checkered history.

    Glover, 26, and Mereacre, 23, acknowledged stealing personal information from companies that was stored on Amazon Web Services from October 2016 to January 2017 and then demanding to be paid to destroy the data.

    Uber met the hackers' demand with a $100,000 payment, but waited until November 2017 to reveal that the personal information of both its riders and drivers around the world had fallen into the hands of criminals.

    Family Says Vaping Killed Their 28-Year-Old Son

    [NATL] Family Says Vaping Killed Their 28-Year-Old Son
    An Orlando family is grieving the loss of their 28-year-old son, who died last week. They said he died as a result of vaping. Kyle Boyd's mother, Kimberly, said he was fine last Monday after he came home from hanging out with a group of friends. She said the next morning she could not wake him up.
    (Published Thursday, Nov. 21, 2019)

    U.S. Attorney David Anderson ripped into Uber for not immediately alerting authorities about the loss of so much personal information that could have been used for identity theft and other malicious purposes.

    "Companies like Uber are the caretakers, not the owners, of customers' personal information," Anderson said in a statement.

    Uber declined to comment on the guilty pleas and Anderson's criticism.

    The San Francisco company has previously said it mishandled the data breach. By the time Uber came clean about the incident, it had ousted its co-founder, Travis Kalanick, as CEO. Dara Khosrowshahi was then brought in to replace Kalanick and burnish an image that had been tarnished by revelations of rampant sexual harassment within Uber's ranks , attempts to dupe government regulators and accusations of stealing self-driving car technology .

    As part of their scheme, Glover and Mereacre also tried to blackmail Lynda.com, part of professional networking service LinkedIn, according to authorities. Instead of meeting those demands, LinkedIn tried to identify the extortionists, the government said.

    The two men each face up to five years and prison and a $250,000 fine. A status conference about their sentencing has been scheduled for March 18 before U.S. District Judge Lucy Koh.