UBER former security chief accused of concealing data leak

The Justice Department has prosecuted Uber ‘s former technology chief for deliberately concealing a data leak that involved more than 50 million users. Although Uber and his then-head security officer heard of the attack in 2016, the firm did not reveal it publicly until one year later, prosecutors said. 

Sullivan is accused with misprision of a crime in relation to obstructing justice, suggesting he learned about the violation and took measures to hide it. When convicted, he faces up to 5 years in jail for the crime of obstruction and up to 3 years on the crime of imprisonment.

The lawsuit charges that Sullivan and Uber (UBER) made arrangements to pay $100,000 to the hackers in return for agreeing a hack-related confidentiality agreement which later claimed that they had not hacked or stored company data. Until late 2017 Uber did not report the violation or bill. 

Within the criminal report filed within California’s Northern District, the FBI outlines some of the actions that Sullivan reportedly took after he learned the driver’s license information may have been used in the hack. The provisions of Uber’s bug bounty scheme “did not allow the rewarding of a hacker who had compromised and retrieved personally identifying customer and driver information from Uber managed networks, according to the criminal complaint. 

The ride hailing company has been assisting the government in the probe since November 2016, according to the Justice Department release. 

Sullivan, a retired US Legal Clerk, joined Uber from Facebook in 2015, where he worked as Chief Security Officer for more than five years after stints at eBay and PayPal. He is currently the Chief Security Officer of Clou, an Internet technology company