Advertise on ITWeb         Sun, 17 Dec, 00:37:01 AM

Three Uber security managers resign

Leadership in the security unit has been in turmoil since the termination last week of Uber's CSO.

Leadership in the security unit has been in turmoil since the termination last week of Uber's CSO.

Three senior managers in Uber Technologies' security unit resigned on Friday, an Uber spokesperson said, days after the company's new CEO disclosed a massive data breach and criticised past security practices.

Uber's CEO, Dara Khosrowshahi, who was installed in the top job in August, disclosed the data breach last month, shortly after learning of it himself, saying: "None of this should have happened." Uber's security practices are also under scrutiny in a high-stakes legal battle with self-driving car company Waymo, an Alphabet subsidiary.

Uber last week said it fired its CSO, Joe Sullivan, over his role in the 2016 data breach, which compromised data belonging to 57 million customers and about 600 000 drivers. The resignations Friday came amid mounting frustration within Uber's security team over Sullivan's dismissal and the company's handling of the public disclosure of the breach.

The three managers who resigned were Pooja Ashok, chief of staff for Sullivan; Prithvi Rai, a senior security engineer and the number two manager in the department; and Jeff Jones, who handled physical security, the Uber spokesperson said. Ashok and Jones will remain at the company until January to assist in transition, the spokesperson said.

A fourth individual, Uber's head of Global Threat Operations, Mat Henley, began a three-month medical leave, said a separate source familiar with the situation. The departures include most of Sullivan's direct reports.

None of the four immediately responded to requests for comment. E-mails in connection with the departures, described by the separate source, complained of emotional and physical strain from the past year.

Sullivan, in August, told Reuters his security team totalled around 500 employees.

Leadership in the unit has been in turmoil since the termination last week of Sullivan and a deputy, as well as Uber's admission that it paid $100 000 to hackers to delete stolen data from the October 2016 breach and keep it secret, while failing to report the incident to regulators or warn customers their phone numbers and other data had been exposed.

In the Waymo case, testimony at a pre-trial hearing this week focused on claims by former employee Richard Jacobs that Uber had a special unit within its security team that tried to obtain programming code and other trade secrets from rivals.

Uber launched an investigation in response to Jacobs' claims, which were outlined in a 37-page letter sent to Uber's in-house attorney and the US Department of Justice. Board members received a report before Thanksgiving on the findings of that investigation, run by law firm WilmerHale. The report has not been shared publicly.

Henley, who was among the Uber security managers named in Jacobs' letter, said in court Wednesday the unit at Uber that Jacobs had accused of acquiring rivals' trade secrets no longer exists.

In addition to having a technical team dedicated to obtaining data from competitors, Uber also had a "human intelligence" team to spy on people and record their conversations without them knowing, according to testimony in the Waymo case.

In one instance, a security vendor hired by Uber recorded a conversation between executives of rival ride-hailing firms Didi and Grab, Nicholas Gicinto, a security manager at Uber, testified in court on Wednesday.

Uber's general counsel, Tony West, on Wednesday sent a note to employees, which was seen by Reuters, saying human surveillance of individuals would no longer be tolerated.

West said he did not believe the activity was illegal, "but, to be crystal clear, to the extent anyone is working on any kind of competitive intelligence project that involves the surveillance of individuals, stop it now".

Enjoyed this story? Subscribe to ITWeb's Security News newsletter.

Copyright 2017 Reuters Limited. All rights reserved. Republication and redistribution of Reuters content is expressly prohibited without the prior written consent of Reuters. Reuters shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.


Our comments policy does not allow anonymous postings. Read the policy here




 

 

 

Sponsors Message