Uber security chief must face wire fraud charges

Uber security chief must face wire fraud charges

A federal judge said on Tuesday that a former Uber Technologies Inc security chief must face wire fraud charges over his alleged role in attempting to cover up a 2016 hacking that exposed personal information of 57 million passengers and drivers.

In December, the U.S. Department of Justice added three charges against Joseph Sullivan, which he arranged to pay money to two hackers in exchange for their silence, while trying to hide the hacking from passengers, drivers and the U.S. Federal Trade Commission.

U.S. District Judge William Orrick in San Francisco rejected Sullivan's claim that prosecutors did not adequately allege he concealed the hacking to ensure that Uber drivers would not flee and would continue to pay service fees.

Orrick rejected Sullivan's claim that the people allegedly deceived were Uber's then-chief executive, Travis Kalanick, and its general counsel, not drivers.

According to the indictment, Orrick wrote that those misrepresentations, though not directly made to Uber drivers, were part of a larger scheme to defraud them.

Lawyers for Sullivan did not respond to requests for comment. Sullivan faces two obstruction charges.

The defendant was originally indicted in September 2020, and is believed to be the first corporate information security officer criminally charged with concealing a hacking.

Prosecutors said Sullivan arranged to pay the hackers $100,000 in bitcoins and have them sign non-disclosure agreements that falsely stated they had not stolen data.

Uber had a bounty program designed to reward security researchers who report flaws, not cover up data thefts.

After learning of the breach, Uber's current chief executive, Dara Khosrowshahi fired Sullivan.

In September 2018, the San Francisco-based company paid $148 million to settle claims by all 50 U.S. states and Washington, D.C. that it was too slow to reveal the hacking.