Former Uber CISO Joseph Sullivan Charged for Helping Hackers for 2016 UBER Hack

Recently, the former security chief of Uber, Joseph Sullivan, was Charged for helping hackers for the 2016 UBER hack. He has been charged for encasing up the company’s 2016 security breach, through which hackers hijacked the personal data of 57 million Uber users and the details of 600,000 Uber drivers. 

Joseph Sullivan was Uber’s chief security officer from April 2015 to November 2017. Recently, two hackers have already been pleaded guilty in the plan last year and are anticipating sentencing. 

The criminals charge filed against Joseph Sullivan on Thursday, and they claim that the hackers bestowed the data with a third person, and the third person might have all the data with him.

According to the Court file, the DOJ administrators alleged that Sullivan “took cautious steps to hide, divert, and deceive the Federal Trade Commission regarding the 2016 data breach. 

The hackers were arrested and pleaded guilty in October 2019, they got arrested not just for the Uber hack but other offenses on tech businesses also, that followed their successful data breach of the Uber and ensuing payout.

In 2018, Uber Agreed to Pay $148 Million as a Settlement for 2016 Uber data breach which impacts 57 million Uber users around the world and 600,000 drivers names including their license numbers were stolen.

Uber CISO Joseph Sullivan Charged for Helping Hackers

Sullivan allegedly took cautious steps to restrict information regarding the breach from spreading to the FTC. Not only this, but Uber repaid the hackers $100,000 in BitCoin in December 2016, despite that the hackers refused to provide their real names. 

Moreover, Sullivan tried to have the hackers sign non-disclosure contracts, to keep himself safe and clean. The contracts carried a false description that says the hackers did not take or steal any data.  

Uber’s new administration discovered the truth and revealed the breach openly, and they also published it to the FTC, in November 2017. Since then, Uber has acknowledged further government inquiries. 

But Sullivan failed to fulfill the new administration team with essential details regarding the breach. That’s why in August of 2017, Uber nominated a new Chief Executive Officer, and in September 2017, Sullivan notified Uber’s new CEO regarding the 2016 incident via email. 

Sullivan urged his team to serve a summary of the whole data breach, but after he accepted their draft summary, he wrote it. His edits extracted details regarding the data that the hackers had taken. 

He incorrectly stated that payment had been made only after the hackers had been recognized. However, the new Uber CEO revealed all the information regarding the data breach to the public in November 2017. 

Soon after, this disclosure was accompanied by an FBI investigation, they immediately recognized and arrested the hackers, and both of them already pleaded guilty in October 2019.

When the FBI examined the case, they gained access to the company’s private communications; they also began to conjecture the role of Sullivan in enveloping up the 2016 data breach. 

The FBI found information regarding Sullivan and said that he spent two years continuing computer hacking crimes as an assistant before serving as a CISO of Uber. After getting so many allegations and proof against Sullivan, he got arrested by the FBI and taken for further investigation.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.