Former Uber security chief to face wire fraud charges for 2016 hack

Joe Sullivan, once Uber’s CSO, is now facing additional charges for his alleged role in concealing a massive hack. The post Former Uber security chief to face wire fraud charges for 2016 hack appeared first on Silicon Republic.

Former Uber security chief to face wire fraud charges for 2016 hack

Former Uber chief security officer Joe Sullivan is set to face wire fraud charges in the US for his alleged attempt to cover up a 2016 data breach that saw 57m user and driver records compromised by hackers.

The US Department of Justice had added these charges as part of an ongoing case against Sullivan for his “attempt to defraud Uber’s drivers by failing to disclose the 2016 breach”. The former Uber CSO was charged in August 2020 and indicted the following month.

Details of the Uber hack and corporate cover-up first emerged in late 2017, when Sullivan was fired by Uber for his role.

Prosecutors said that Sullivan was serving as Uber’s chief security officer when hackers revealed to him that they had accessed and downloaded a database containing personally identifying information, or PII, including approximately 600,000 driver licence numbers.

Sullivan allegedly orchestrated a six-figure payment to two hackers in exchange for their silence about the hack. The indictment further alleges that he took “deliberate steps” to prevent news of the hack from being made public and to mislead the US Federal Trade Commission about the data breach.

According to Reuters, US district judge William Orrick rejected Sullivan’s claim yesterday (28 June) that prosecutors did not adequately allege he concealed the hacking to ensure that Uber drivers would not flee and would continue paying service fees.

He also rejected Sullivan’s claim that those allegedly deceived were Uber’s then-chief executive Travis Kalanick and its general counsel – not Uber drivers.

The case is likely the first instance of a corporate security chief being criminally charged for covering up a hacking.

“When a company like Uber gets hacked, we expect good corporate citizenship, we expect disclosure to the employee and consumer victims in that hack,” US attorney David Anderson said in August 2020. “In this case, what we saw was the exact opposite of good corporate behaviour.”

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

The post Former Uber security chief to face wire fraud charges for 2016 hack appeared first on Silicon Republic.