Uber’s former chief security officer was sentenced to probation for attempting to bury a mass data breach affecting millions of users. Image source: Cottonbro Studio, via Pexels
Uber’s former chief security officer was sentenced to a three-year term of probation and ordered to pay a $50,000 fine after attempting to cover up a mass data breach in which tens of millions of customer records were accessed by hackers.
Sullivan, 54, was hired by Uber in 2015 as the company’s chief security officer.
The following year, Sullivan received an email from hackers informing him that approximately 57,000 user profiles and 600,000 drivers licence numbers were compromised.
Sullivan arranged to pay the hackers $100,000 in bitcoin to hide evidence of the breach from the public and the Federal Trade Commission, who were already conducting an investigation on a smaller hacking incident from 2014.
More than 180 letters of support were submitted to the Federal Court in praise and defence of Sullivan, imploring the court to spare him from jail time.
The US attorney’s office in San Francisco responded to the outpouring of support for Sullivan, saying that they would not make an exception of him on the basis of his wealth and social status.
“[Sullivan] has a spotless history. He is respected in his community. He is an innovator in his field,” said the memo.
“But, when given the opportunity to choose between himself and adherence to the law, he chose himself. Worse than that, Defendant Sullivan prioritized his and Uber’s interests over those of the tens of millions of Uber users and riders who trusted their personal information to the company.”
“There cannot be two different systems of justice, one for the privileged and another for the rest,” the memo argued.
“Any such perception would do grievous damage to public respect for the law.”
No other Uber executives were charged in relation to the case.
In 2019, the hackers who accessed the data pleaded guilty to computer fraud conspiracy charges.
They are currently awaiting sentencing.
