Skip to main content

Ex-Uber exec charged over data breach cover-up

(Image credit: Image Credit: LightField Studios / Shutterstock)

A former Uber executive has been charged with multiple criminal acts, including covering up a data breach, withholding information from law enforcement agencies and paying cybercriminals hush money.

According to a complaint filed last week at a US court, former Uber CSO Joseph Sullivan tried to cover up a 2016 data breach that affected approximately 57 million users and drivers.

When he found out about the breach, Sullivan tried to pay off the criminals via the company’s bounty hunting program (which offers payouts to white hat hackers that disclose system vulnerabilities). In total, he paid the hackers roughly $100,000 in bitcoin.

The two individuals responsible for the original breach were identified as Brandon Glover and Vasile Mereacre. Both pleaded guilty and are currently awaiting sentencing.

Sullivan, having tried to conceal the whole ordeal, is looking at five years in jail for the obstruction of justice and additional three for misprision.

The defendant's spokesperson Bradford Williams said there was "no merit" to the charges and praised Sullivan for identifying the real criminals.

"From the outset, Mr. Sullivan and his team collaborated closely with legal, communications and other relevant teams at Uber, in accordance with the company's written policies," he said.

"Those policies made clear that Uber's legal department - and not Mr. Sullivan or his group - was responsible for deciding whether, and to whom, the matter should be disclosed."