Uber’s former security chief guilty of concealing data breach: jury

Uber Technologies Inc’s former chief security officer (CSO) Joseph Sullivan is guilty of criminal obstruction for failing to report a 2016 cybersecurity incident to the authorities, a San Francisco jury said.
Uber Technologies
Joseph Sullivan, who was terminated from Uber Technologies in 2017, was found guilty on two counts, namely obstruction of justice and deliberate concealment of felony, Reuters news report said.

“Joesh Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission (FTC) and took steps to prevent the hackers from being caught,” said Stephanie Hinds, U.S. Attorney for the Northern District of California.

The case pertains to a breach at Uber’s systems that affected data of 57 million passengers and drivers. The company did not disclose the cyber attack for a year.

In September 2018, Uber paid $148 million to settle claims by all 50 U.S. states and Washington, D.C., that it was too slow to disclose the hacking.

In July, Uber accepted responsibility for covering up the cyber security incident and agreed to cooperate with the prosecution of Joseph Sullivan over his alleged role in concealing the hacking, as part of a settlement with U.S. prosecutors to avoid criminal charges.

Joseph Sullivan was originally indicted in September 2020. Prosecutors had said at the time he arranged to pay the hackers $100,000 in bitcoin and had sign nondisclosure agreements that falsely stated they had not stolen data.

Joseph Sullivan was accused of withholding information from Uber officials who could have disclosed the breach to the FTC, which had been evaluating the San Francisco-based company’s data security following a 2014 breach.