A former Uber security chief Joseph Sullivan is charged with a felony and convicted by the US court for obstructing their investigation in a past data breach incident.
He was accused of paying the hackers of the 2016 data breach at Uber, which compromised the PII of thousands of its drivers and customers, to settle. He now faces five years of jail term for hiding the facts of the case and three more years for failing to report it to authorities.
Jailing an Uber Executive
Uber is always strangled with some form of law enforcement action. Lately, a jury in a San Francisco federal court has found Joseph Sullivan – Uber’s former security chief, guilty of felony charges regarding the 2016 data breach.
The prosecutors accused Sullivan of obstructing the FTC’s investigation into Uber at the time regarding a breach that occurred in 2014. He is convicted of federal charges for hiding a 2016 data breach from authorities and even paying the hackers to cover it up!
As per reports, Sullivan was informed about the breach by hackers shortly after he sat for a deposition with the FTC for its investigation over the 2014 cybersecurity incident. Leveraging an internal bug, hackers were able to squeeze the personal data of 600,000 drivers and additional information linked to 57 million drivers and passengers.
As they asked for a $100,000 ransom, Sullivan pointed them to the company’s bug bounty program, which had a max payout of $10,000! Since that’s unsettling, hackers threatened to leak the stolen data – which led Sullivan to pay the demanded ransom in bitcoin and made it appear as a payment under the bug bounty program – an action that was reportedly sanctioned by then Uber chief executive Travis Kalanick.
Sullivan has also tracked down the hackers and made them sign nondisclosure agreements. Well, his lawyers are now arguing that customer data is safe after they had paid the amount and NDA agreements with hackers, plus it’s not an incident worth reporting.
But the prosecutors disagreed with this view and said the incident shouldn’t have qualified for a payout under the bug bounty program, and Sullivan had done it anyway. Thus, he’s now set to face five years in prison for obstruction and up to three more years for failing to report a felony. Although, the exact sentence is yet to be declared.