FBI San Francisco
San Francisco Media Office
August 20, 2020

FBI Statement on the Charging of Former Uber CSO for Covering Up 2016 Hack

Hello, I am Craig Fair, the deputy special agent in charge of the FBI San Francisco Division.

The FBI is committed to working with private sector companies in order to assist in preventing a breach and dealing with the aftermath of a breach. Of course, prevention is the preferred method of countering the loss of data and private information.

It is only through a coordinated public-private partnership that we are able to assist companies whose databases have been compromised. It is alleged that rather than report the breach openly and honestly, so that we could assist Uber, Mr. Sullivan decided instead to mislead authorities by withholding information and attempting to cover his tracks. This decision ultimately made a bad situation worse and led to the charges that were unsealed today alleging Mr. Sullivan’s crimes.

Here in the Bay Area, we are fortunate to have good-standing working relationships with a number of companies, including Uber, as the U.S. attorney mentioned. These relationships help the flow of information and allow us to pursue bad actors and assist companies in their recovery from data breaches.

We encourage companies to develop a relationship with the FBI and local law enforcement prior to an incident and incorporate us into their incident response plans. We are working to get ahead of the threat and be predictive in the way we approach cybersecurity. We cannot impose consequences on our cyber adversaries if companies do not step forward and provide us with evidence of an intrusion, and no one will come forward if they think that all that will come from it is shame.

Cyber intelligence should not be looked at as a competitive advantage; if we are all not sharing information in a quick and collaborative manner, we will not be able to stay ahead of the threats that are emerging.

Moreover, concealing information about a felony from law enforcement is a crime. While this case is an extreme example of a prolonged attempt to subvert law enforcement, we hope companies stand up and take notice. Do not help criminal hackers cover their tracks. Do not make the problem worse for your customers, and do not cover up criminal attempts to steal people’s personal data.

We encourage you to contact the FBI now, before your company faces a cyber breach. And we encourage you to contact us immediately if you do have a cyber security incident. The FBI will work with you to protect your company’s information and the personal data of your customers. We need to work together to make the Internet safer for all of us. Please contact the FBI San Francisco’s cyber program by reaching out to our field office at (415) 553-7400. Thank you.