Uber’s Ex-CSO Accused Of A Cover Up

Uber's former Chief Security Officer (CSO) Joseph Sullivan has been charged with obstruction of justice and stands accused of trying to cover up a data breach in 2016 that exposed the details of 57 million Uber drivers and passengers.

The company has previously admitted to paying a group of hackers a $100,000 (£75,000) ransom to delete the data they had stolen. A criminal complaint has also been filed against Sullivan, accusing him of obstructing justice by hiding the hacking attack Uber Technology suffered.

In addition to hiding the attack, he is charged with intentionally preventing information about the attack from reaching the US Federal Trade Commission (FTC). The payment was disguised as a "bug bounty", a reward used to pay cyber-security researchers who disclose vulnerabilities so they can be fixed. The charges allege that he asked the hackers to sign non-disclosure agreements, falsely stating they had not stolen any Uber data.

Mr Sullivan was subsequently fired from his job at Uber in 2017 when the data breach was finally revealed.

Mr Sullivan denies the charges and is currently employed as chief information security officer at leading cybersecurity firm Cloudflare. The current CEO of Uber, Dara Khosrowshahi, disclosed the data breach in 2017 after taking over from his controversial predecessor, Travis Kalanick, who is no longer connected with Uber.

The company eventually paid $148m to settle legal claims by all 50 US states and Washington DC.

It was stated that Sullivan, who worked as a security manager at Uber between 2015 and 2017, was secretly contacted by hackers via e-mail, and the attackers were informed that Sullivan issued the payment. It was reported that the hackers had access to information belonging to 57 million Uber users and employees, including the driver’s license numbers of 600 thousand people. It is alleged that Sullivan knowingly and willingly tried to hide all these events from the Federal Trade Commission.

Many large companies have open bug bounty schemes that invite hackers, under strict conditions, to test their computer systems for flaws. If they find one, they get paid and the company can fix it without needing to alert the authorities.

US Dept. of Justice / Forbes / Bloomberg / BBC / SOMAG News
