Uber in-house lawyer leaves after data scandal

Last month, we reported on the Uber data scandal that affected approximately 57 million users and drivers worldwide.


But the full details of the incident, which Uber attempted to cover up when it occurred in 2016, have only begun to unfold over the last week.


While media outlets initially reported that Uber’s chief security officer Joe Sullivan had left in the wake of the scandal, the name of a subordinate who was also ousted wasn’t revealed.


However, the Recorder has since discovered that the employee was Uber in-house attorney Craig Clark, who – according to his LinkedIn profile – was the firm’s legal director for security and law enforcement.


The Recorder claimed that Mr Clarke was fired, while Mr Sullivan was asked to resign. Both had previously worked as associate general counsel at Facebook, the former for over five years.

Corporate governance disarray at Uber

It is unclear whether more employees’ jobs are at risk, but the breach has already shown how a number of corporate governance functions can be implicated after a cyber attack.


The news comes at a time when Uber’s in-house legal department is already undergoing significant changes.


The firm announced in October that Tony West, a former US Department of Justice official and top lawyer at PepsiCo, will step in as new chief legal officer.


Salle Yoo had held the role since 2012 but resigned in September, with the company facing lawsuits on multiple fronts.


“Pepsi has been named one of the world’s most ethical companies ten years in a row. Under Tony’s leadership, I’m confident that we will one day join this list,” said Dara Khosrowshahi, Uber’s new chief executive, wrote in an email to employees.

Millions of UK customers affected

On the issue of ethics, more details have also been released regarding the breach itself.


Last week, the Information Commissioner’s Office (ICO) revealed that the attack affected approximately 2.7 million UK accounts. Names, addresses and telephone numbers were all compromised, although the ICO claimed this information alone is unlikely to cause problems for customers.


“However, its use may make other scams, such as bogus emails or calls appear more credible,” said ICO deputy commissioner James Dipple-Johnstone.


“We would expect Uber to alert all those affected in the UK as soon as possible.”

What caused the breach?

The breach occurred when two hackers gained access to the private coding website GitHub, according to Bloomberg.


Uber software engineers use the site, which enabled the cyber criminals to obtain employee login details for Amazon Web Services (AMS).


AMS handles a range of computing tasks for Uber and the hackers found an archive of customer and driver data within the cloud-based service. The criminals approached Uber, which paid the pair $100,000 (£75,000) to delete the data.


“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorised access by the individuals,” Mr Khosrowshahi wrote in the organisation’s blog.


The breach was apparently hidden from various senior executives and only uncovered following an internal investigation. So, will Uber be able to turn around its corporate governance woes?


The company is making widespread changes to sway public opinion, but only time will tell whether or not this latest scandal will be the straw that broke the camel’s back.


Our 2017 Compensation and Market Trends Report combines our review of the prevailing conditions in the in-house legal recruitment market together with the results of our latest employer survey.