Former Uber Security Chief Avoids Jail Time for Data Breach Scandal, Gets Probation Joseph Sullivan was charged with obstruction of justice in 2020 and found guilty in October.

By Madeline Garfinkle Edited by Jessica Thomas

Opinions expressed by Entrepreneur contributors are their own.

Bloomberg | Getty Images
Uber headquarters in San Francisco, California.

Joseph Sullivan, former security chief for Uber, was sentenced to three years probation and 200 hours of community service for crimes related to a data breach scandal seven years ago.

In 2016, two hackers accessed the personal data of nearly 57 million Uber users and drivers. After emailing Sullivan about the security breach, the hackers demanded $100,000 for their silence — which Sullivan paid in Bitcoin from the company's bug bounty program.

Related: Uber Got Hacked and Paid the Hackers to Keep It Secret

"The criminal complaint alleges that Sullivan took deliberate steps to conceal, deflect, and mislead the Federal Trade Commission about the breach," the U.S. Attorney's Office for the Northern District of California wrote in a 2020 press release after Sullivan was charged with obstruction of justice. Sullivan was ultimately found guilty in October.

Prior to the sentencing on Thursday, federal prosecutors recommended between 24 to 30 months of jail time for Sullivan. However, San Francisco district judge William Orrick granted Sullivan leniency due to the "unusual nature" of the case, Sullivan's character and that the crime was the first of its kind, The Wall Street Journal reported. However, Orrick noted that future offenders shouldn't expect as much grace.

"If there are more, people should expect to spend time in custody, regardless of anything, and I hope everybody here recognizes that," he said, per the WSJ.

Orrick was also encouraged not to sentence Sullivan to prison in a letter signed by nearly 50 former and current chief security officers from companies including Netflix, Blackstone and the U.S. government.

The individuals argued that the position requires making "nuanced judgment calls in a largely unregulated environment, which has few explicit rules and regulations, including rules about disclosing data security incidents to the government," the letter stated, per Bloomberg.

Related: 8 Ways a Data Breach Could Take Out Your Company Tomorrow
Madeline Garfinkle

News Writer

Madeline Garfinkle is a News Writer at Entrepreneur.com. She is a graduate from Syracuse University, and received an MFA from Columbia University. 

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Most Popular

See all
By Amanda Breen
Business News

AI Could Cause 99% of All Workers to Be Unemployed in the Next Five Years, Says Computer Science Professor

Professor Roman Yampolskiy predicted that artificial general intelligence would be developed and used by 2030, leading to mass automation.

By Sherin Shibu
Business Ideas

70 Small Business Ideas to Start in 2025

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2025.

By Eve Gumpel
Buying / Investing in Business

From a $120M Acquisition to a $1.3T Market

Co-ownership is creating big opportunities for entrepreneurs.

By StackCommerce
Buying / Investing in Business

Big Investors Are Betting on This 'Unlisted' Stock

You can join them as an early-stage investor as this company disrupts a $1.3T market.

By StackCommerce
Business News

Mark Zuckerberg 'Insisted' Executives Join Him For a MMA Training Session, According to Meta's Ex-President of Global Affairs

Nick Clegg, Meta's former president of global affairs, says in a new book that he once had to get on the mat with a coworker.

By Erin Davis