Joseph Sullivan, a former chief security officer for Uber, was found guilty of paying hackers $100,000 after they gained access to 57 million records of Uber customers, including names and phone numbers.
Sentenced today, he has avoided jail and instead been sentenced to three years’ probation for covering up a cyber-attack from authorities. Additionally, he is liable to a fine of $50,000, and 200 hours community work.
The sentence was leniant given the prosecutors wanted a 15-month jail.
Sullivan was also found guilty of obstructing an investigation from the Federal Trade Commission.
Early reports suggest that the Judge showed Sullivan leniency partly because this was the first case of its kind.
Details of the Uber Cyber Attack
Sullivan began his role as Uber’s chief security officer in 2015.
In 2015, records of 57 million Uber users was stolen.
It is alleged Sullivan negotiated $100,000 to be paid to the hackers as a bug bounty, a term that describes payments to hackers that disclose vulnerabilities before publishing them so they can be fixed by the target of the hack.
The hackers subsequently faced conspiracy charges in 2019 and pleaded guilty. And the investigation of this led to Sullivan being charged.