We've updated our Privacy and Cookies Policy
We've made some important changes to our Privacy and Cookies Policy and we want you to know what this means for you and your data.
Ex-Uber security chief sentenced over covering up hack
- Author, Tom Gerken
- Role, Technology reporter
Uber's former chief security officer has avoided jail and been sentenced to three years' probation for covering up a cyber-attack from authorities.
Joseph Sullivan was found guilty of paying hackers $100,000 (拢79,000) after they gained access to 57 million records of Uber customers, including names and phone numbers.
He must also pay a fine of $50,000, and serve 200 hours of community service.
Prosecutors originally asked for a 15-month prison sentence.
Sullivan was also found guilty of obstructing an investigation from the Federal Trade Commission.
judge William Orrick said he was showing Sullivan leniency partly because this was the first case of its kind, but also because of his character.
"If there are more, people should expect to spend time in custody, regardless of anything, and I hope everybody here recognises that," he said.
The hack
Sullivan began his role as Uber's chief security officer in 2015.
In November 2016, the attackers who targeted Uber emailed Sullivan and told him they had stolen a large amount of data, which they would delete in return for a ransom, according to the US Department of Justice (DOJ).
Staff working for Sullivan confirmed data, including records of 57 million Uber users and 600,000 driving licence numbers, had been stolen.
According to the DOJ, Sullivan arranged for the hackers to be paid $100,000 in exchange for them signing non-disclosure agreements to not reveal the hack to anyone.
The hackers were paid in December 2016, disguised as a "bug bounty" - a reward used to pay cyber-security researchers who disclose vulnerabilities so they can be fixed.
The hackers subsequently faced conspiracy charges in 2019 and pleaded guilty.
Top Stories
More to explore
Most read
Content is not available