Former Uber head of security found guilty of concealing data breach
Technology

Former Uber head of security found guilty of concealing data breach

Uber’s former Chief Security Officer (CSO) Joseph Sullivan has been convicted by a federal jury of covering up a data breach that affected the company in 2016 and saw millions of customer and driver records stolen.

Sullivan was charged by the U.S. Federal Trade Commission (FTC) for interfering in investigations being conducted by the commission and for covering up the data breach.

The breach happened in 2016 when Uber was under investigation for a similar breach that happened in 2014, and exposed the data of over 50 million customers and 7 million drivers, including their names, phone numbers, and email addresses. The breach also included the driver license numbers of 600,000 drivers and 60,000 social security numbers.

The breach occurred shortly after Sullivan was employed by Uber to help in fixing the company’s security systems after a 2014 breach had left hackers access to the personal information of over 50,000 Uber customers.

After the breach happened, Sullivan and his team immediately began a concealed approach to hide it from regulators and the public. Sullivan also offered to pay the hackers responsible for the breach $100,000 in the form of a bug bounty to delete the information they had stolen and keep the breach hidden.

The incident was not publicized until a new management team headed by CEO Dara Khosrowshahi arrived at the company in 2017. Sullivan was subsequently fired in the same year and an investigation was launched into the case by public prosecutors in 2020, charging him on counts of obstruction and misprision of a felony.

A sentencing date is yet to be set, but the former CSO faces up a maximum of five years in prison for obstruction of justice, and three years for concealing the crime.

Leave feedback about this

  • Quality
  • Price
  • Service

PROS

+
Add Field

CONS

+
Add Field
Choose Image
Choose Video
X