Ex-security boss at Uber accused of covering up huge data breach

Published on: 24 Aug 2020

The 52-year-old is accused of trying to cover up a data breach in 2016 that exposed the details of 57 million Uber drivers and passengers.

The company has previously admitted to paying a group of hackers a $100,000 (£75,000) ransom to delete the data they had stolen.

Mr Sullivan was fired in 2017 when the data breach was revealed.

The charges filed by the US Department of Justice said Mr Sullivan had taken ‘deliberate steps’ to stop the Federal Trade Commission (FTC) from finding out about the hack.

He is accused of approving the $100,000 payment to the hackers, which was made in bitcoin.

The payment was disguised as a ‘bug bounty’ reward, used to pay cyber-security researchers who disclose vulnerabilities so they can be fixed. 

The charges allege that he asked the hackers to sign non-disclosure agreements, falsely stating they had not stolen any Uber data.

Mr Sullivan currently works as chief information security officer at cyber-security firm Cloudflare.

Uber chief executive Dara Khosrowshahi disclose the data breach in 2019. The company eventually paid $148m to settle legal claims by all 50 US states and Washington DC.