The former chief security officer of Uber was spared jail time in exchange for three years of probation for concealing a cyberattack from law enforcement.
The former chief security officer of Uber was spared jail time in exchange for three years of probation for concealing a cyberattack from law enforcement.
Hackers were found guilty of receiving $100,000 (£79,000) from former chief security officer of Uber, Joseph Sullivan after gaining access to 57 million records of Uber customers, including names and phone numbers.
He has to pay a $50,000 fine, do 200 hours of community service, and more. The prosecution originally asked for a 15-month prison sentence. Sullivan was also found guilty of obstructing a Federal Trade Commission investigation.
The judge, William Orrick, reportedly told the Wall Street Journal that he was being lenient with Sullivan not only because this was the first instance of its kind but also due to his character.
I hope everyone here understands that if there are more, people should anticipate spending time in custody regardless of anything, he said. In 2015, Sullivan started working as Uber’s chief security officer.
According to the US Department of Justice, the hackers who attacked Uber sent Sullivan an email in November 2016 informing him they had stolen a lot of data, which they would erase in exchange for a ransom (DOJ).
Employees at Sullivan confirmed that information, including 600,000 driver’s licence numbers and records of 57 million Uber users, had been stolen. The DOJ claims that Sullivan made arrangements for the hackers to receive $100,000 in exchange for signing non-disclosure agreements promising to keep the hack a secret.
In December 2016, the hackers received payment under the guise of a “bug bounty”—a reward given to cyber-security researchers who reveal flaws so they can be fixed. In 2019, the hackers were charged with conspiring, and they pleaded guilty.
The response to Sullivan’s case has divided the cybersecurity community, as it is conceivably the first instance in which a security executive has been charged criminally for improperly handling a data breach.
Quick catch-up An ongoing FTC investigation into Uber’s security procedures was obstructed by Sullivan, who was also found guilty in October of concealing a 2016 data breach that affected 50 million riders and drivers.