The Major Scandal That Nearly Brought Down Uber^®

By Marcus T. • Jul 25, 2024

From Uber's Security Chief to Convict: The Fall of Joseph Sullivan-1

When Joseph Sullivan, former Chief Security Officer at Uber^®, learned about a massive data breach at the company, he chose to cover it up rather than report it. Now, after a trial that revealed the extent of his deception, Sullivan has been sentenced to three years of probation, a $50,000 fine, and 200 hours of community service.

Uber's Hidden Breach

In November 2016, hackers informed Sullivan they had accessed 57 million Uber user records, exploiting the same vulnerability from a 2014 breach. Rather than alerting authorities, Sullivan arranged to pay the hackers $100,000 to keep quiet, disguising the payment as a "bug bounty" reward. This secret deal kept the breach hidden from the Federal Trade Commission (FTC) and the public.

Beware of Identity Theft: What if It Happens to You?-1

Cover-Up Tactics

After learning about the breach, Sullivan took several steps to prevent the FTC from finding out. He directed his team to draft non-disclosure agreements for the hackers, falsely stating no data was stolen. Sullivan then continued to engage with the FTC, knowing they were unaware of the 2016 breach. This allowed Uber to settle with the FTC without disclosing the full extent of their security failures.

Legal Consequences

The truth came out in 2017 when Uber's new management investigated the breach. Sullivan lied to Uber's new CEO and external lawyers about the incident, but the cover-up was eventually exposed. As a result, Sullivan was found guilty of obstructing the FTC's investigation and committing two felonies. Despite prosecutors pushing for a prison sentence, the judge showed leniency due to the unique nature of the case and Sullivan's character.

7 Ways You May Be Breaking The Law Without Knowing-1

Implications for Cybersecurity

Sullivan's case is a landmark in cybersecurity, highlighting the severe consequences of covering up data breaches. The judgment sends a clear message to other corporate executives about the importance of transparency and compliance with legal obligations. As cyberattacks become more common, the need for ethical responses and accountability in handling such incidents is crucial.

Joseph Sullivan's attempt to hide a significant data breach ultimately led to his downfall. His sentencing underscores the necessity for honesty and integrity in cybersecurity roles.

References: Former Chief Security Officer Of Uber Sentenced To Three Years' Probation For Covering Up Data Breach Involving Millions Of Uber User Records | Ex-Uber security chief sentenced over covering up hack