Friday, April 11, 2025
HomeCyber AttackFormer Uber CISO Joseph Sullivan Charged for Helping Hackers for 2016 UBER...

Former Uber CISO Joseph Sullivan Charged for Helping Hackers for 2016 UBER Hack

Published on

SIEM as a Service

Follow Us on Google News

Recently, the former security chief of Uber, Joseph Sullivan, was Charged for helping hackers for the 2016 UBER hack. He has been charged for encasing up the company’s 2016 security breach, through which hackers hijacked the personal data of 57 million Uber users and the details of 600,000 Uber drivers. 

Joseph Sullivan was Uber’s chief security officer from April 2015 to November 2017. Recently, two hackers have already been pleaded guilty in the plan last year and are anticipating sentencing. 

The criminals charge filed against Joseph Sullivan on Thursday, and they claim that the hackers bestowed the data with a third person, and the third person might have all the data with him.

- Advertisement - Google News

According to the Court file, the DOJ administrators alleged that Sullivan “took cautious steps to hide, divert, and deceive the Federal Trade Commission regarding the 2016 data breach. 

The hackers were arrested and pleaded guilty in October 2019, they got arrested not just for the Uber hack but other offenses on tech businesses also, that followed their successful data breach of the Uber and ensuing payout.

In 2018, Uber Agreed to Pay $148 Million as a Settlement for 2016 Uber data breach which impacts 57 million Uber users around the world and 600,000 drivers names including their license numbers were stolen.

Uber CISO Joseph Sullivan Charged for Helping Hackers

Sullivan allegedly took cautious steps to restrict information regarding the breach from spreading to the FTC. Not only this, but Uber repaid the hackers $100,000 in BitCoin in December 2016, despite that the hackers refused to provide their real names. 

Moreover, Sullivan tried to have the hackers sign non-disclosure contracts, to keep himself safe and clean. The contracts carried a false description that says the hackers did not take or steal any data.  

Uber’s new administration discovered the truth and revealed the breach openly, and they also published it to the FTC, in November 2017. Since then, Uber has acknowledged further government inquiries. 

But Sullivan failed to fulfill the new administration team with essential details regarding the breach. That’s why in August of 2017, Uber nominated a new Chief Executive Officer, and in September 2017, Sullivan notified Uber’s new CEO regarding the 2016 incident via email. 

Sullivan urged his team to serve a summary of the whole data breach, but after he accepted their draft summary, he wrote it. His edits extracted details regarding the data that the hackers had taken. 

He incorrectly stated that payment had been made only after the hackers had been recognized. However, the new Uber CEO revealed all the information regarding the data breach to the public in November 2017. 

Soon after, this disclosure was accompanied by an FBI investigation, they immediately recognized and arrested the hackers, and both of them already pleaded guilty in October 2019.

When the FBI examined the case, they gained access to the company’s private communications; they also began to conjecture the role of Sullivan in enveloping up the 2016 data breach. 

The FBI found information regarding Sullivan and said that he spent two years continuing computer hacking crimes as an assistant before serving as a CISO of Uber. After getting so many allegations and proof against Sullivan, he got arrested by the FBI and taken for further investigation.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Latest articles

Ivanti 0-Day RCE Flaw Exploitation Details Revealed

A critical unauthenticated Remote Code Execution (RCE) vulnerability, CVE-2025-22457, has been disclosed by Ivanti, sparking concerns across...

Jenkins Docker Vulnerability Allows Hackers to Hijack Network Traffic

A newly disclosed vulnerability affecting Jenkins Docker images has raised serious concerns about network...

Microsoft Issues Urgent Patch to Fix Office Update Crash

Microsoft has released an urgent patch for Office 2016 to address a critical issue...

Shuckworm Group Leverages GammaSteel Malware in Targeted PowerShell Attacks

The Russia-linked cyber-espionage group known as Shuckworm (also identified as Gamaredon or Armageddon) has...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Rogue Account‑Creation Flaw Leaves 100 K WordPress Sites Exposed

A severe vulnerability has been uncovered in the SureTriggers WordPress plugin, which could leave...

The State of AI Malware and Defenses Against It

AI has recently been added to the list of things that keep cybersecurity leaders...

GOFFEE Deploys PowerModul in Coordinated Strikes on Government and Energy Networks

The threat actor known as GOFFEE has launched a series of targeted attacks against...