Jury: Former Uber security chief concealed a data breach in 2016

Joseph Sullivan, the former chief of security for Uber taxi service, has been found guilty of concealing a major data breach in 2016, a jury judges at a federal court in San Francisco. The data of 57 million customers and drivers was stolen.

Sullivan has been found guilty on two charges: obstruction of justice and willful concealment of a crime, writes the US Department of Justice on Wednesday. The former head of security has not yet been convicted by the judge. Sullivan can be jailed for up to 5 years for obstructing justice, and up to 3 years in prison for intentionally concealing a crime. The former head of security has been released on bail and is free to await his sentencing. This will be determined at a later date.

In November 2016, Uber was hacked, stealing the data of 57 million customers and drivers. The hackers obtained the data from a repository on GitHub, which was used by Uber engineers. The hackers were able to access the data on an Amazon Web Services account via login details. It wasn’t until a year after the incident that Uber came out about the data breach.

Sullivan has tried to hide the data breach from the US market authority FTC and has taken steps to prevent the hackers from being caught. Prosecutors in the case said in 2020 that then-security chief made the hackers pay $100,000 in bitcoin and sign non-disclosure agreements, falsely stating that they had not stolen any data.

Sullivan is also accused of withholding information from Uber officials who could have reported the break-in to the FTC. The market authority increased its assessment of the company’s data security after a 2014 hack that gave criminals access to the data of 50,000 Uber customers.