Replace 05/05/23: Late on Thursday, federal choose William Orrick declared Uber’s former head of cybersecurity Joseph Sullivan would endure no jail time for protecting up a large safety breach on the ride-hailing firm seven years in the past. He’s as an alternative being placed on probation and should full 200 hours of neighborhood service.
In accordance with The Wall Street Journal, Orrick instructed the court docket he was displaying Sullivan leniency as a result of uncommon nature of the case and it being the primary of its form. He additionally introduced up Sullivan’s supposed character because of the mass quantity of letters displaying the ex-cyber safety official their assist. The choose added that if extra cyber safety officers go the identical route as Sullivan, they might anticipate precise jail time.
Prosecutors beforehand argued for as much as a number of years in jail, however Sullivan’s attorneys pointed to the round 180 letters he acquired testifying to his prior work in cybersecurity. A type of letters was signed by 40 former or present firm safety execs.
Authentic story:
Again in 2016, Uber suffered a safety breach ensuing within the leak of 57 million customers’ names, cellphone numbers, e-mail addresses—together with the private information and even drivers’ licenses of 600,000 Uber drivers. As an alternative of publicly acknowledging the hack, Sullivan and a few staff working for him paid the hackers roughly $100,000 to keep the breach secret. The ransom, paid in bitcoin, got here from the corporate’s bug bounty program, although the corporate’s typical most for bug discovering is simply $10,000, and Uber didn’t make any point out of the breach to the general public. At the moment, the Federal Commerce Fee was already investigating the corporate over one other breach that occurred in 2014, earlier than Sullivan signed on as the brand new safety chief after leaving Facebook (now Meta).
In accordance with the Wall Street Journal, Sullivan’s attorneys argued in court docket that Sullivan made the hackers signal nondisclosure agreements displaying they destroyed all of the hacked information, although to this present day it’s unclear if it was confirmed the hacked information was ever really deleted. Attorneys for Sullivan argued that settlement was sufficient assurance to the corporate for them to categorise the incident as a mere bug bounty, as if the hackers had been simply white hats letting Uber know of its vulnerabilities reasonably than stealing information.
After Uber’s present CEO Dara Khosrowshahi got here onto the scene, reporters uncovered the hack and coverup, and the corporate quickly fired Sullivan and ordered an inner investigation into him and Craig Clark, one of many legal professionals who reported to the previous CSO.
The ex-Uber exec was charged with obstruction of justice in 2020. A jury convicted Sullivan in October last year of attempting to cover the safety breach. The court docket discovered him guilty of obstruction and misprison of a felony for his work hiding the info of the safety breach from the FTC.
Federal choose for the Northern District of California William Orrick is ready to condemn Sullivan someday after 1:30 p.m. PT, or 4:30 ET. Federal prosecutors have recommended that the ex-Uber exec face between 24 and 30 months of jail time. The U.S. Attorneys additionally talked about fellow Uber govt Anthony Levandowski, who beforehand pleaded responsible and was sentenced to 18 months for stealing trade secrets from Google.
“If not for the fortuitous arrival of latest management at Uber, there’s each cause to imagine the tens of tens of millions of victims of the 2016 Knowledge Breach by no means would have discovered about it,” prosecutors wrote of their sentencing memorandum.
Gizmodo reached out to Sullivan’s attorneys from the Angeli Regulation Group, however we didn’t instantly hear again. His legal professionals have argued in court docket paperwork that any quantity of jail time could be “not vital” since he “has suffered, and can proceed to endure, vital penalties due to this case.” His attorneys additionally responded to the fed’s request for 2 years or extra of jail, asking the court docket to take into consideration his devotion to his household and “staunch dedication to public service.”
The corporate has skilled main hacks, like in 2022 when the LAPSUS$ gang managed to access the company’s internal network and Slack channel. The corporate was a lot faster to offer particulars on that breach than its earlier hacks. Uber has tried to repair its picture from being the data hungry mammoth it’s. Although the corporate has been more willing to show users what kind of data it has on users, it nonetheless plans to make use of extra of shoppers’ information to conduct more native advertising while in-app.
Trending Merchandise
