Fraud charges in hacking case against Uber ex-security chief are dismissed

A U.S. judge on Tuesday granted a request by prosecutors to dismiss fraud counts against a former Uber Technologies Inc (UBER.N) security chief also charged with covering up a 2016 data hack affecting 57 million passengers and drivers.

U.S. District Judge James Donato in San Francisco dismissed the three wire fraud charges against Joseph Sullivan.

Prosecutors had requested the dismissal in a court filing last Wednesday, without explaining why, after a different judge ruled on June 28 they could pursue the charges.

Sullivan still faces two charges: obstructing a U.S. Federal Trade Commission proceeding, and failing to report a felony.

The office of U.S. Attorney Stephanie Hinds in San Francisco declined to comment. Lawyers for Sullivan did not immediately respond to requests for comment.

Sullivan is believed to be the first corporate information security officer criminally charged with concealing a hacking.

Prosecutors said he tried to conceal the hacking from passengers, drivers and the FTC by arranging to pay the hackers $100,000 in bitcoin, and having them sign nondisclosure agreements that falsely stated they had not stolen data.

Sullivan was also accused of withholding information from Uber officials who could have disclosed the breach to the FTC, which had been evaluating the San Francisco-based company’s data security following a 2014 breach.

While letting the fraud charges proceed, U.S. District Judge William Orrick nevertheless said prosecutors could not contend that Sullivan owed a duty to Uber drivers to reveal the hacking.

Orrick still oversees the case. Donato was the judge on duty to handle the dismissal request.

Uber fired Sullivan after learning the extent of the breach. In September 2018, the company paid $148 million to settle claims by the 50 U.S. states and Washington, D.C. that it was too slow to reveal the hacking.