Advertisement

Former Uber security officer charged with concealing 2016 breach

Uber's former chief security officer, Joseph Sullivan, was charged with paying hackers to conceal a 2016 breach against the company affecting about 57 million users and drivers. File Photo by John Angelillo/UPI
Uber's former chief security officer, Joseph Sullivan, was charged with paying hackers to conceal a 2016 breach against the company affecting about 57 million users and drivers. File Photo by John Angelillo/UPI | License Photo

Aug. 20 (UPI) -- Federal prosecutors have charged Uber's former chief security officer with paying hackers to cover up a 2016 data breach against the company.

Joseph Sullivan, 52, was charged Thursday with obstruction of justice and misprision, or concealment, of a felony for allegedly paying hackers $100,000 to hide the breach which affected about 57 million Uber users and drivers, the U.S. Department of Justice said.

Advertisement

After the breach, hackers contacted Sullivan by email demanding a six-figure payment in exchange for silence. They accessed and downloaded an Uber database containing personally identifying information including drivers' license numbers for about 600,000 Uber drivers.

The complaint states that in addition to paying off the hackers through a program that allows so-called "white hat" hackers to point out security issues within the company, Sullivan also attempted to have them sign non-disclosure agreements regarding the breach.

RELATED Lyft to end ride-share service in California on Friday

"The agreements contained a false representation that the hackers did not take or store any data," the Justice Department said. "When an Uber employee asked Sullivan about this false promise, Sullivan insisted that the language stay in the non-disclosure agreement."

The complaint further alleges that Sullivan deceived Uber's new management about the breach after the company hired a new CEO in 2017.

Advertisement

"Sullivan asked his team to prepare a summary of the incident, but after he received their draft summary, he edited it," the Justice Department said. "His edits removed details about the data that the hackers had taken and falsely stated that payment had been made only after the hackers had been identified."

RELATED California judge orders Uber, Lyft to reclassify drivers as employees

Sullivan's initial appearance in federal court has not been scheduled.

The hackers were ultimately identified by Uber and prosecuted in the Northern District of California, where they each pleaded guilty to computer fraud charges last year.

RELATED Ex-Uber executive sentenced for stealing from Google

Latest Headlines