Joseph Sullivan, Ex-Uber Executive, Receives Probationary Sentence for Concealing Cyber-Attack

After being found guilty of paying hackers $100,000 to conceal the breach of 57 million customer records in November 2016, Joseph Sullivan, the former Chief Security Officer of Uber, has been sentenced to three years of probation for obstructing an investigation into the cyber-attack.

The hackers, who stole a substantial amount of data, including the personal information of 57 million Uber users and 600,000 driver’s license numbers, were paid under the pretext of a “bug bounty,” a payment system for cybersecurity researchers who reveal vulnerabilities in systems to aid in fixing them.

Joseph Sullivan, the former Chief Security Officer of Uber, was sentenced to three years of probation, a $50,000 fine, and 200 hours of community service for obstructing an investigation into the cyber-attack. The United States Department of Justice (DoJ) reported that the hackers had initially contacted Sullivan. Sullivan, in turn, arranged payment to the hackers in exchange for their silence. The hackers faced conspiracy charges in 2019 and admitted guilt. Originally, prosecutors had sought a 15-month prison sentence for Sullivan.

Despite Joseph Sullivan’s conviction for obstructing an investigation into a cyber-attack, Judge William Orrick decided to be lenient, citing the unique nature of the case and Sullivan’s character. However, the judge cautioned that future offenders should expect to face imprisonment if they commit similar offenses.

Joseph Sullivan’s case has brought to the forefront the problem of companies resorting to paying off hackers to conceal data breaches, which is an unacceptable practice. The incident also raises concerns about companies’ role in reporting cyber-attacks and safeguarding user data. As a result, the case is anticipated to have implications for how businesses handle data breaches and the accountability of executives implicated in cover-ups.


This situation involving Sullivan serves as a reminder of the ongoing challenges related to cybersecurity and data protection in today’s digital age. Such breaches can result in severe financial loss, identity theft, and reputational harm to both individuals and companies. In recent years, numerous prominent organizations have encountered similar cyber-attacks, including Equifax, Yahoo, and Marriott.

The Uber cyber-attack case has highlighted the importance of transparency and prompt reporting of such incidents, as it took the company over a year to disclose the breach. The handling of the situation has raised concerns about the role of executives in cover-ups, with Sullivan’s conviction serving as a warning to others that such actions will not go unpunished.

Moreover, the case has also brought into question the ethics of paying hackers to keep quiet about data breaches, as it can encourage further attacks and undermine cybersecurity efforts. It is crucial for companies to prioritize the protection of customer data and take immediate action in response to breaches, rather than attempting to conceal the issue.

Overall, the case of Joseph Sullivan highlights the need for greater vigilance and transparency in the field of cybersecurity and the potential consequences of failing to provide them. Companies must prioritize data protection and take all necessary measures to prevent, detect, and respond to cyber-attacks.

