Former Uber security chief charged with covering up 2016 hack

Joseph Sullivan has been charged with obstruction of justice.

Sponsored Links

An Uber sticker is seen on a car at the start of a protest by ride share drivers on August 20, 2020 in Los Angeles, California. - Rideshare service rivals Uber and Lyft were given a temporary reprieve on August 20 from having to reclassify drivers as employees in their home state of California by August 21. (Photo by Robyn Beck / AFP) (Photo by ROBYN BECK/AFP via Getty Images)
ROBYN BECK via Getty Images

Federal prosecutors have charged Uber's former security chief, Joseph Sullivan, with obstruction of justice for attempting to hide the company's 2016 data breach from the Federal Trade Commission (FTC). The hack exposed the email addresses and phone numbers of 57 million Uber drivers and customers.      

Instead of disclosing the breach to the FTC, which was investigating an earlier 2014 hack into Uber, Sullivan allegedly paid the culprits $100,000 in bitcoin. The Justice Department says the former executive tried to pay the hackers through Uber's bug bounty program. He also attempted to convince them to sign nondisclosure agreements. Uber later fired Sullivan in 2017 when the company's current CEO, Dara Khosrowshahi, found out about how he had handled the situation.  

In addition to obstruction of justice, prosecutors charged Sullivan with failing to share knowledge of a felony. In total, he faces up to eight years in prison if convicted of both charges. 

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

"We expect good corporate citizenship," said US Attorney David L. Anderson. "We expect prompt reporting of criminal conduct. We expect cooperation with our investigations. We will not tolerate corporate cover-ups. We will not tolerate illegal hush-money payments." 

Bradford Williams, Sullivan's attorney, told The New York Times there's "no merit" to the charges. "If not for Mr. Sullivan's and his team's efforts, it's likely that the individuals responsible for this incident never would have been identified at all," he said. Williams added that Sullivan and his team worked closely with other Uber employees and followed the company's policies.

Meanwhile, a spokesperson for Uber told The New York Times it continues to cooperate with the Justice Department’s investigation into the 2016 hack. "Our decision in 2017 to disclose the incident was not only the right thing to do, it embodies the principles by which we are running our business today: transparency, integrity, and accountability," they said.

Sullivan may become the second former Uber employee to end up behind bars. At the start of August, Anthony Levandowski, the engineer at the center of the trade secret legal battle between Waymo and Uber, was sentenced to 18 months in prison

Correction, 8/26/20 9:30AM ET: This story’s headline originally said that Sullivan was arrested; he was charged with obstruction of justice but was not placed under arrest. We apologize for the error.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
View All Comments
Former Uber security chief charged with covering up 2016 hack