Connect with us

Cyber Crime

Joseph Sullivan, Ex-Uber Security Chief, Sentenced for Covering Up Massive 2016 Data Breach

Published

on

Joseph Sullivan, Ex-Uber Security Chief, Sentenced for Covering Up Massive 2016 Data Breach

Former Uber Chief Security Officer Joseph Sullivan has been sentenced to a three-year term of probation and ordered to pay a fine of $50,000 after being found guilty of obstructing a Federal Trade Commission (FTC) investigation into a data breach suffered by the ride-sharing company in 2014. The sentence was handed down by United States District Judge William H. Orrick in October 2022, following Sullivan’s conviction on two felonies.

The sentence was handed down by the Hon. William H. Orrick, United States District Judge, announced First Assistant United States Attorney Stephanie M. Hinds and FBI San Francisco Special Agent in Charge Robert K. Tripp.

ALSO READ: Looking For Nodal Officers Of Banks, Telecoms, Social Media? Click The Link Here To Fetch Numbers – Details Inside

Sullivan, who is 54 years old and from Palo Alto in Santa Clara County, had served as the Chief Security Officer for Uber Technologies, Inc. when the ride-hailing company suffered a data breach in 2014. The breach was being investigated by the Federal Trade Commission (FTC), and Sullivan was hired soon after the investigation was launched. He participated in Uber’s response to the investigation, including its efforts to comply with investigative demands issued by the FTC.

However, the evidence at trial established that ten days after his sworn testimony to the FTC, Sullivan learned that Uber had been hacked again, and the hackers had exploited the same vulnerability that had led to the 2014 breach. The data stolen in 2016 was massive in scale and included records associated with approximately 57 million Uber users and drivers. Despite having testified regarding the same security vulnerability and related issues ten days prior, Sullivan executed a scheme to prevent any knowledge of the breach from reaching the FTC.

ALSO READ: Search All India Police Station Phone Numbers & Mail ID Through This Search Engine

Sullivan arranged to pay off the hackers in exchange for them signing non-disclosure agreements in which the hackers promised not to reveal the hack to anyone. Those contracts, drafted by Sullivan and a lawyer assigned to his team, falsely represented that the hackers did not take or store any data in their hack. Thereafter, Sullivan continued to work with the Uber lawyers handling or overseeing the FTC investigation, including the General Counsel of Uber, but he withheld information about the breach from all of them. Uber ultimately entered into a preliminary settlement with the FTC in the summer of 2016 without disclosing the 2016 data breach to the FTC.

ALSO READ: Beware Of ‘Royal Ransomware’ Virus Attacking Critical Sectors In India: CERT-In

In Fall 2017, Uber’s new management began investigating facts surrounding the 2016 data breach. When asked by Uber’s new CEO what had happened, Sullivan lied about the circumstances of the breach, including by telling the CEO that the hackers did not steal any data. Sullivan lied again to Uber’s outside lawyers who were conducting an investigation into the incident. Nonetheless, the truth about the breach was ultimately discovered by Uber’s new management, which disclosed the breach publicly and to the FTC in November 2017.

The prosecution was the result of an investigation by the FBI, and Assistant U.S. Attorneys Andrew F. Dawson and Benjamin Kingsley prosecuted the case with the assistance of Patricia Mahoney and Nina Burney. Sullivan’s sentence should serve as a warning to other high-ranking officials that they cannot engage in similar schemes to cover up data breaches or other illegal activities.

Follow The420.in on

 Telegram | Facebook | Twitter | LinkedIn | Instagram | YouTube

Continue Reading