Sullivan covered up the attack to protect Uber
According to information presented by US authorities, Sullivan shared details of the attack, as well as the ransom payment, with then-Uber CEO Travis Kalanick.
According to prosecutors’ evidence reported by Bloomberg, Sullivan did not disclose the breach to protect his reputation, since when he joined the company in 2015, he had allegedly improved the company’s security.
Sullivan’s lawyers said his actions were aimed at preventing a data leak, and he got the attackers to sign non-disclosure agreements promising not to leak the information.
“Sullivan’s sole focus, in this incident and throughout his distinguished career, has been to ensure the security of people’s data on the internet,” the former executive’s attorney, David Angeli, told the NYT. However, for this case, Sullivan could face up to eight years in prison. However, he is likely to have a much shorter sentence.
It is worth mentioning that when Dara Khorosrowshahi became the CEO of Uber, he was aware of the problem, although not of its true scope. Despite this, he publicly admitted the infraction, fired Sullivan and paid 148 million in civil litigation until the case was resolved in July of this year.
Likewise, it reached an agreement with the FTC to establish a privacy program for the next 20 years, in addition to reporting any incident related to “unauthorized intrusion into user information”, such as the one suffered a few months ago by by Lapsus$.