Former Uber security chief sentenced for data breach cover-up


Former Chief Security Officer for ride-hailing service Uber, Joseph Sullivan, has been sentenced to three years of probation and ordered to pay a $50,000 fine for his attempt to cover up a massive data breach in 2016.

The breach exposed tens of millions of customer records to hackers. Sullivan was convicted in San Francisco last October of obstructing justice and concealing knowledge of a federal felony.

This marks the first criminal prosecution of a company executive for a data breach.

Sullivan was hired as Uber's Chief Security Officer in 2015. In November 2016, hackers emailed him, confirming that they had stolen records on about 57 million users and 600,000 driver’s license numbers.

He initiated a plan to hide the breach from the public and the Federal Trade Commission, which had been investigating a smaller 2014 hack.

According to the US attorney's office, Sullivan arranged to pay the hackers $100,000 in bitcoin and never mentioned the breach to Uber lawyers involved with the FTC's inquiry. He also told subordinates that "the story outside of the security group was to be that 'this investigation does not exist'."

Uber's new management uncovered the truth during an investigation in the fall of 2017, and the breach was made public.

Sullivan was fired along with Uber lawyer Craig Clark, who had been told about the breach. Clark testified against Sullivan after being given immunity by prosecutors. While prosecutors had recommended a 15-month sentence in federal prison, Sullivan's lawyers argued that he had already suffered significant consequences as a result of the case.

The hackers responsible for the breach pleaded guilty in 2019 to computer fraud conspiracy charges and are awaiting sentencing. No other Uber executives were charged in this case.
