The former Chief Security Officer of Uber, Joseph Sullivan, was found guilty of giving a huge amount of $100,000 to the hackers who gained access to 57 million records of Uber customers, including their contact details and names. Mr. Sullivan is sentenced to probation for three years for covering up a “cyber attack” from authorities.
In addition, he must perform 200 hours of charitable work and pay a $50,000 fine.
Initially, the prosecution requested a 15-month prison term. Sullivan was also found guilty of impeding a Federal Trade Commission probe.
Sullivan was given mercy by judge William Orrick, according to the Wall Street Journal, in part because this was the first instance of its sort and in part due to Sullivan’s character.
He remarked, “I hope everyone here understands that if there are any additional individuals, they should expect to spend time in custody, irrespective of anything.”
Sullivan took on his position as Uber’s chief security officer in 2015.
The US “Department of Justice (DOJ)” claims that in November 2016, the hackers that attacked Uber sent Sullivan an email informing him that they had stolen a significant amount of data that they would erase in exchange for a ransom.
Employees at Sullivan confirmed that information, including profiles for 57 million Uber customers and 600,000 licence numbers, had been stolen.
The DOJ claims that Sullivan negotiated a payment of $100,000 to the hackers in exchange for their signing non-disclosure agreements promising to keep the intrusion a secret.
The hackers received payment in December 2016 under the guise of a “bug bounty,” an incentive given to cyber-security researchers who reveal flaws so they can be addressed. The hackers then pleaded guilty to conspiracy charges in 2019.