A federal grand jury in San Francisco added wire fraud to the list of charges pending against Joseph Sullivan, former chief security officer at Uber, for his role in the alleged cover-up of the 2016 hack of user and driver records.
Sullivan, 52, was previously charged with obstruction of justice and misprision, or concealment, of a felony in connection with the alleged attempted cover-up of the incident, according to a statement last week by Acting United States Attorney Stephanie M. Hinds and FBI Special Agent in Charge Craig D. Fair.
Prosecutors said Sullivan, of Palo Alto, was serving as Uber’s chief security officer when hackers in 2016 revealed to him they had accessed and downloaded an Uber database containing personally identifying information, or PII, including approximately 600,000 driver’s license numbers associated with certain Uber drivers.
The previous charges filed against Sullivan alleged he orchestrated the disbursement of a six-figure payment to two hackers in exchange for their silence about the hack, and that he took deliberate steps to prevent drivers from discovering that the hack had occurred and took steps to conceal, deflect and mislead the U.S. Federal Trade Commission about the data breach.
Prosecutors said the new charges of three counts of wire fraud center around Sullivan’s attempt to defraud Uber’s drivers by failing to disclose the breach and that rather than notify the drivers of the breach, he took deliberate steps to ensure Uber’s drivers and others did not learn the true nature of the incident.
If convicted, Sullivan faces a maximum statutory penalty of 20 years in prison for each count of wire fraud, five years for the obstruction charge and a maximum three years for the misprision charge.