Uber former security chief charged in connection with attempted data breach cover-up

The US Department of Justice has charged Joseph Sullivan, former chief security officer at Uber, with obstruction of justice following a data breach.

Mr Sullivan allegedly tried to cover up a 2016 hack that compromised data of millions of users and drivers, federal court papers filed last week in San Francisco said.

Hackers exposed details relating to 57 million customers and drivers in the breach, but instead

of reporting the breach to the Federal Trade Commission, Uber paid a $100,000 ransom in bitcoin.

The payment was presented as a “bug bounty” reward, paid to security researchers who spot

vulnerabilities. Sullivan is accused of demanding the hackers sign non-disclosure agreements claiming that they had not stolen data.

But when the breach was uncovered and disclosed by chief executive Dara Khosrowshahi in 2017,

Sullivan was fired.

Sullivan, however, denies the charges: “If not for Mr Sullivan and his team’s efforts, it is likely that

the individuals responsible for this incident never would have been identified at all” said his

spokesperson Bradford Williams, quoted by the BBC.

“From the outset, Mr Sullivan and his team collaborated closely with legal, communications and

other relevant teams at Uber, in accordance with the company’s written policies,” said Williams,

according to a DIGIT report.

“Those policies made clear that Uber’s legal department – and not Mr Sullivan or his group – was

responsible for deciding whether, and to whom, the matter should be disclosed,” Williams added.

“Silicon Valley is not the Wild West”; said US attorney David Anderson. “We expect good corporate

citizenship. We expect prompt reporting of criminal conduct. We expect co-operation with our

investigations. We will not tolerate corporate cover-ups.”


Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place before 2nd October, and receive VIP access to PrivSec Global which includes priority access to limited space sessions, workshops, networking opportunities and exclusive content.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.