Uber’s former chief security officer has been sentenced to three years’ probation for trying to cover up the high-profile data breach that rocked the mobility giant.
The cybersecurity attack, which occurred in 2016, impacted a large number of Uber customers. The incident saw millions of records accessed by hackers, with the company keeping consumers in the dark about the large-scale data breach.
Joseph Sullivan, who joined Uber as the security chief in 2015, had attempted to cover up the attack. He has been found guilty of paying hackers $100,000 and impeding an investigation into the incident by the Federal Trade Commission (FTC). He will also pay a fine of $50,000 and is required to complete 200 hours of community service.
The prosecution of Sullivan is believed to be the first case surrounding a corporate executive charged for a data breach. The judge said he showed Sullivan leniency citing the unprecedented nature of the case.
The incident involved two hackers gaining access to Uber’s data stored on GitHub. According to the US Department of Justice (DOJ), they emailed Sullivan informing him about the breach and and demanded a ransom in return for deletion of the stolen records. The attack was confirmed by Sullivan’s team members.
To hush up the incident, Sullivan paid the hackers $100,000 in exchange for non-disclosure agreements to keep the massive data breach confidential. The payment was made in December 2016 under the pretense of a “bug bounty” (a reward for cybersecurity experts who identify technical vulnerabilities). The number of customer records compromised was reported to be 57 million.
The hackers were charged in 2019 and were found guilty.
The 2016 massive data breach is not the only high-profile controversy to shroud Uber. In July 2022, Uber was taken to court by more than 500 women, who alleged they were “kidnapped, sexually assaulted, sexually battered, raped, falsely imprisoned, stalked, harassed, or otherwise attacked by Uber drivers with whom they had been paired through the Uber application” across various US states.
Related: Uber taken to court by 550 women over sexual assault claims
At least 150 more cases were being actively investigated at the time the complaint against Uber was filed, according to the law firm that undertook the class-action.
The lawsuit accused Uber of not running proper background checks on its drivers.