Breaking News
More () »

Uber's former security chief found guilty of hiding data breach from regulators

The case is pivotal in changing how security officials handle data breaches and is the first high profile conviction against corporate executives over a breach.
Credit: AP
An Uber sign is displayed inside a car in Palatine, Ill., Thursday, Feb. 10, 2022. (AP Photo/Nam Y. Huh)

WASHINGTON — Uber's former security chief Joe Sullivan was found guilty by a federal court jury on Wednesday on charges that he failed to disclose a breach of customer information to federal regulators. 

Sullivan, who was fired from the ride-share company in 2017, was on trial for allegedly arranging to pay hackers a $100,000 to cover up the heist when the personal information of 57 million customers and drivers was stolen in 2016.

The jury found Sullivan guilty on one count of obstructing federal regulators' investigation and on one count of misprision, the act to conceal a felony from authorities, the New York Times reported.

Sullivan's trial ended Friday and after 19 hours the jury came to a verdict. The case is pivotal in changing how security officials handle data breaches, the New York Times reported.

The judge has yet to set a date for the former Uber security chief's sentencing. Sullivan may appeal if post-trial motions fail to set the verdict aside, according to the Washington Post. 

Court documents showed Sullivan had received an email from a hacker who claimed to have found a security flaw in its systems, just 10 days after the former security chief had been deposed by the Federal Trade Commission in a 2014 investigation of Uber. 

Sullivan had discovered the hacker and an accomplice had downloaded the personal information of 600,000 drivers and additional data associated with 57 million drivers, passengers, according to the New York Times. The hackers pressured Uber to then pay a minimum of $100,000. 

The former security chief referred the hackers to Uber's bug bounty program, which was a way of paying "white hat" researchers to report security flaws, the New York Times reported. 

Sullivan and Uber paid the hackers $100,000 and had them sign a nondisclosure agreement, according to the Times. The company kept the security breach a secret until 2017 when a new executive chief joined Uber. 

Before You Leave, Check This Out