Ex-Uber security head charged in connection with the cover-up of a 2016 hack that affected 57 million customers (UBER)
- Uber’s former chief security officer, Joe Sullivan, was charged Thursday with obstruction of justice over allegations he tried to cover up a data breach in 2016.
- A data breach at Uber in October 2016 exposed the personal data of 57 million drivers and passengers. It’s reported that Sullivan and former CEO Travis Kalanick decided to pay hackers $100,000 to keep quiet.
- The hack remained concealed until Uber’s newly appointed CEO, Dara Khosrowshahi, disclosed it to the public in November 2017. Sullivan was fired shortly after.
- US prosecutors have charged Sullivan — now chief information security officer at Cloudflare — with obstruction of justice and misprision, which hold a combined maximum of eight-years jail sentence.
- Visit Business Insider’s homepage for more stories.
The former head of security for Uber is facing federal charges over accusations he orchestrated an attempted cover-up of an October 2016 data breach that affected around 57 million Uber drivers and passengers.
US prosecutors announced Thursday they filed criminal charges against Joe Sullivan, the former Uber executive and current chief information security officer for Cloudflare. The prosecutors accuse Sullivan of paying hackers a ransom to keep quiet about the data breach, according to the complaint.
The New York Times, which first reported the news Thursday, says the criminal charges may be the first ever filed against an executive regarding a company’s response to a data breach.
Uber’s data breach wasn’t made public until November 2017, nearly a year after the hack occurred. CEO Dara Khosrowshahi disclosed the news of the breach just months after filling the role at Uber, saying in a blog post that “none of this should have happened.”
The new charges seem to confirm previous previous news reports that Sullivan and former Uber CEO Travis Kalanick arranged a deal to pay hackers $100,000 to get them to erase the data they stole — including names, email addresses, and phone numbers. The two executives then reportedly concealed the payout in Uber’s financials, and failed to report the incident to regulators and customers.
Kalanick resigned from the company in June 2017 before the breach was disclosed. Sullivan was fired the weeks after news of the hack was made public. Multiple security managers and other leaders at Uber were also fired in the aftermath.
Sullivan is currently chief information security officer at web-hosting company Cloudflare, and still holds the position as of Thursday following the charges. Cloudflare CEO wrote in a tweet he was “sad” to see the allegations against Sullivan, and hoped to see the incident “resolved quickly.”
Sad to see Joe Sullivan allegations. Joe’s had a distinguished career as a US Attorney & exec at eBay, PayPal, Facebook, Uber & Cloudflare. Anytime an opportunity arose, Joe’s advocated for us to be as transparent as possible. I hope this is resolved quickly for Joe & his family.
— Matthew Prince 🌥 (@eastdakota) August 20, 2020
Kalanick, meanwhile, was not mentioned in the Department of Justice complaint regarding the breach.
The DOJ has charged Sullivan with obstruction of justice and misprision. Together, the two criminal charges hold a maximum sentence of eight years in prison.
NOW WATCH: What it takes to be a PGA Tour caddie