Former Uber Security Chief Joo Sullivan has been convicted of covering up a cyberattack, compromising data of over 57 million people, in 2016, The Verge reported.
According to The Verge, a hacker downloaded the personal information of more than 57 million people, including their names, email addresses, and phone numbers for more than 50 million Uber riders and 7 million drivers, as well as driver’s license numbers for another 600,000 drivers.
The jury convicted Sullivan on two counts: one for obstructing justice by not revealing the breach to the FTC and another for misprision, which is concealing a felony from the authorities, the New York Times and Washington Post reported.
It is the first time a company executive fronts criminal prosecution over a hack.
The 2016 violation ensued when two outsiders trawling Github found credentials giving them access to Uber’s Amazon Web Services (AWS) storage, which they used to download its database backups. The hackers then contacted Uber and negotiated a ransom payment in exchange for a promise to delete the stolen information, paid out in $100,000 worth of Bitcoin, and treated as part of the company’s Bug Bounty program. They eventually pleaded guilty to hacking the company in 2019.
Also Read: Uber seals taxi deal
Prosecutors argued Sullivan didn’t reveal the attack to protect his reputation. He was supposed to have improved Uber’s security after joining the company in 2015. Sullivan faces up to eight years in prison but is “likely” to have a far shorter sentence, Bloomberg reported.
