Former Uber boss Joe Sullivan convicted for breach cover-up

Share post:

Joe Sullivan, Uber’s former chief security officer and current CSO at Cloudflare, was found guilty of illegally concealing the theft of personal data from Uber drivers and customers in a 2016 data breach.

Sullivan, a former US Department of Justice cybercrime prosecutor, was found guilty of obstructing the Federal Trade Commission’s FTC investigation and committing a crime in connection with an attempt to cover up the Uber breach and to pay a bounty to the hackers.

On November 21, 2017, Uber CEO Dara Khosrowshahi released a statement admitting that perpetrators broke into Uber and stole 57 million customer and driver records in late 2016, prompting Sullivan and Craig Clark, the legal director of security and law enforcement, to be fired.

According to court documents, Sullivan discovered the theft in November 2016, about ten days after he testified under oath to the FTC about Uber’s security practices.

When hackers Brandon Charles Glover and Vasile Mereacre contacted him to tell him they had stolen data from Uber and demanded a ransom to delete the stolen data, he failed to report it to authorities.

Instead of reporting the breach, Sullivan devised a plan to keep it secret and pay Glover and Mereacre $100,000, under the pretext of a legitimate bug bounty reward in exchange for signing non-disclosure agreements on the attack. Sullivan also took steps to prevent the arrest of the hackers.

Sullivan’s attorney, David Angeli, argued that Sullivan disclosed the breach to Khosrowshahi almost immediately and even explained his actions.

The sources for this piece include an article in TheRegister.


Related articles

Deepfake leads to 6 million dollar fine

Steven Kramer, a 54-year-old political consultant from New Orleans, has been indicted on multiple felony charges for orchestrating...

Altman ends OpenAI’s “equity claw back” for ex-employees who criticize the company

Sam Altman, CEO of OpenAI, has addressed concerns regarding the company's exit agreements, which reportedly included nondisparagement clauses...

MIT students exploit blockchain vulnerability to steal 25 million dollars

Two MIT students have been implicated in a highly sophisticated cryptocurrency heist, where they reportedly exploited a vulnerability...

DOJ accuses Google of destroying key evidence in landmark antitrust case

In the final day of arguments in the Google anti-trust case, the U.S. Department of Justice (DOJ) has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways