Skip to main content

Ex-Uber exec charged over data breach cover-up

(Image credit: Image Credit: LightField Studios / Shutterstock)

A former Uber executive has been charged with multiple criminal acts, including covering up a data breach, withholding information from law enforcement agencies and paying cybercriminals hush money (opens in new tab).

According to a complaint filed last week at a US court, former Uber CSO Joseph Sullivan tried to cover up a 2016 data breach that affected approximately 57 million users and drivers.

When he found out about the breach, Sullivan tried to pay off the criminals (opens in new tab) via the company’s bounty hunting program (which offers payouts to white hat hackers that disclose system vulnerabilities). In total, he paid the hackers roughly $100,000 in bitcoin.

The two individuals responsible for the original breach were identified as Brandon Glover and Vasile Mereacre. Both pleaded guilty and are currently awaiting sentencing.

Sullivan, having tried to conceal the whole ordeal, is looking at five years in jail for the obstruction of justice and additional three for misprision.

The defendant's spokesperson Bradford Williams said (opens in new tab)there was "no merit" to the charges and praised Sullivan for identifying the real criminals.

"From the outset, Mr. Sullivan and his team collaborated closely with legal, communications and other relevant teams at Uber, in accordance with the company's written policies," he said.

"Those policies made clear that Uber's legal department - and not Mr. Sullivan or his group - was responsible for deciding whether, and to whom, the matter should be disclosed."

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.