- By Tom Gerken
- Technology reporter
Image source, Getty Images
Uber’s former chief security officer has avoided jail and been sentenced to three years’ probation for covering up a cyber-attack from authorities.
Joseph Sullivan was found guilty of paying hackers $100,000 (£79,000) after they gained access to 57 million records of Uber customers, including names and phone numbers.
He must also pay a fine of $50,000, and serve 200 hours of community service.
Prosecutors originally asked for a 15-month prison sentence.
Sullivan was also found guilty of obstructing an investigation from the Federal Trade Commission.
“If there are more, people should expect to spend time in custody, regardless of anything, and I hope everybody here recognises that,” he said.
The hack
Sullivan began his role as Uber’s chief security officer in 2015.
Staff working for Sullivan confirmed data, including records of 57 million Uber users and 600,000 driving licence numbers, had been stolen.
According to the DOJ, Sullivan arranged for the hackers to be paid $100,000 in exchange for them signing non-disclosure agreements to not reveal the hack to anyone.
The hackers were paid in December 2016, disguised as a “bug bounty” – a reward used to pay cyber-security researchers who disclose vulnerabilities so they can be fixed.
The hackers subsequently faced conspiracy charges in 2019 and pleaded guilty.
