Former Uber security chief charged in 2016 hack cover-up

The former chief security officer of Uber Technologies, Joseph Sullivan, has been charged with obstruction of justice for his alleged role in the cover-up of the 2016 hack of the company. This is according to a press release from the Office of the United States Attorney in Northern California. The charges relate to the security incident in which Uber was hacked, and roughly 57 million individuals’ data was exposed. The database information contained personal information about drivers and customers, including more than 600,000 drivers license numbers of Uber drivers.

The case brought against Sullivan alleges that the former Uber CSO actively impeded the Federal Trade Commission’s investigation. The specifics can be found in the following excerpt from the press release:

Rather than report the 2016 breach, Sullivan allegedly took deliberate steps to prevent knowledge of the breach from reaching the FTC.  For example, Sullivan sought to pay the hackers off by funneling the payoff through a bug bounty program — a program in which a third party intermediary arranges payment to so-called “white hat” hackers who point out security issues but have not actually compromised data.

Uber paid the hackers $100,000 in BitCoin in December 2016, despite the fact that the hackers refused to provide their true names.  In addition, Sullivan sought to have the hackers sign nondisclosure agreements.  The agreements contained a false representation that the hackers did not take or store any data. When an Uber employee asked Sullivan about this false promise, Sullivan insisted that the language stay in the non-disclosure agreements.

It was not until new management took over Uber’s operations that the breach was disclosed in full. It was at that time that the company began fully cooperating with federal investigators. Sullivan was fired by the new management in 2017.

Leading the case is United States Attorney David L. Anderson and FBI Deputy Special Agent in Charge Craig D. Fair. They allege that Sullivan also actively sought to deceive the new management in an attempt to uncover his misdeeds. If these allegations are proven and Sullivan is convicted, he faces up to eight years in prison.

The court date has not yet been determined, but as developments emerge, they will be reported on.

Featured image: Shutterstock

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top