Former Uber Chief Security Officer To Face Wire Fraud Charges | USAO-NDCA | Department of Justice

SAN FRANCISCO – A federal grand jury handed down a superseding indictment today adding wire fraud to the list of charges pending against Joseph Sullivan for his role in the alleged attempted cover-up of the 2016 hack of Uber Technologies Incorporated, announced Acting United States Attorney Stephanie M. Hinds and FBI Special Agent in Charge Craig D. Fair.  The 2016 hack implicated approximately 57 million user and driver records—Sullivan already was charged with obstruction of justice and misprision of a felony in connection with the alleged attempted cover-up of the incident.   

Sullivan, 52, of Palo Alto, Calif., was serving as Uber’s Chief Security Officer when hackers revealed to him that they had accessed and downloaded an Uber database containing personally identifying information, or PII, including approximately 600,000 driver’s license numbers associated with certain Uber drivers.  The superseding indictment describes how Sullivan allegedly orchestrated the disbursement of a six-figure payment to two hackers in exchange for their silence about the hack.  The superseding indictment further alleges that Sullivan took deliberate steps to prevent persons whose PII was stolen from discovering that the hack had occurred and took steps to conceal, deflect, and mislead the U.S. Federal Trade Commission (FTC) about the data breach.

“Institutions that store personal information of others must comply with the law,” said Acting U.S. Attorney Hinds. “When hacks like this occur, state law requires notice to victims.  Federal law also requires truthful answers to official government inquiries.  The indictment alleges that Sullivan failed to do either.  We allege Sullivan falsified documents to avoid the obligation to notify victims and hid the severity of a serious data breach from the FTC, all to enrich his company.”

Leave a Comment