Joe Sullivan, the former chief security officer at Uber, has been found guilty of covering up the massive 2016 cyber attack when a hacker downloaded the personal information of more than 57 million people.
This may be the first time a senior company executive faced criminal prosecution over a hack.
According to the Washington Post, Sullivan was convicted of federal charges “stemming from payments he quietly authorised to hackers who breached the ride-hailing company in 2016”.
Sullivan was found “guilty of obstructing justice for keeping the breach from the Federal Trade Commission (FTC) and of actively hiding a felony,” the report said late on Wednesday.
In July, Uber admitted that it covered up a massive data breach in 2016 that exposed data pertaining to approximately 57 million users and 600,000 drivers’ license numbers.
Uber settled civil litigation with the attorneys general for all 50 states and the District of Columbia related to the 2016 data breach, paying $148 million and agreeing to implement a corporate integrity programme.
On September 16, Khosrowshahi testified against Sullivan, saying, “He was my chief security officer, and I could not trust his judgment anymore.”
The ride-hailing platform has entered a non-prosecution agreement with the federal prosecutors to resolve a criminal investigation into the coverup of the 2016 data breach.
The breach was not reported to the FTC until approximately a year later, when new executive leadership was managing the company, revealed the Justice Department.
In a latest hack by an 18-year-old hacker, the ride-hailing platform Uber said last month that no private information of its users was exposed in the data breach.
An 18-year-old hacker had broken into the internal systems of Uber, reaching company tools, including Amazon Web Services and Google Cloud Platform, and employees thought someone was playing a prank.
The hacker made himself known to Uber employees by posting a message on the company’s internal communication system Slack.