By Joseph Menn and Dustin Volz
SAN FRANCISCO/WASHINGTON (Reuters) – Three senior managers in Uber Technologies Inc’s [UBER.UL]security unit resigned on Friday, an Uber spokesperson said, days after the company’s new chief executive officer disclosed a massive data breach and criticized past security practices.
Uber’s CEO, Dara Khosrowshahi, who was installed in the top job in August, disclosed the data breach last month shortly after learning of it himself, saying that “none of this should have happened.” Uber’s security practices are also under scrutiny in a high-stakes legal battle with self-driving car company Waymo, an Alphabet Inc <GOOGL.O> subsidiary.
Uber last week said it fired its chief security officer, Joe Sullivan, over his role in the 2016 data breach, which compromised data belonging to 57 million customers and about 600,000 drivers. The resignations Friday came amid mounting frustration within Uber’s security team over Sullivan’s dismissal and the company’s handling of the public disclosure of the breach.
The three managers who resigned were Pooja Ashok, chief of staff for Sullivan; Prithvi Rai, a senior security engineer and the number two manager in the department; and Jeff Jones, who handled physical security, the Uber spokesperson said. Ashok and Jones will remain at the company until January to assist in transition, the spokesperson said.
A fourth individual, Uber’s head of Global Threat Operations, Mat Henley, began a three-month medical leave, said a separate source familiar with the situation. The departures include most of Sullivan’s direct reports.
None of the four immediately responded to requests for comment. Emails in connection with the departures, described by the separate source, complained of emotional and physical strain from the past year.
Sullivan in August told Reuters that his security team totalled around 500 employees.
Leadership in the unit has been in turmoil since the termination last week of Sullivan and a deputy, as well as Uber’s admission that it paid $100,000 to hackers to delete stolen data from the October 2016 breach and keep it secret, while failing to report the incident to regulators or warn customers that their phone numbers and other data had been exposed.
In the Waymo case, testimony at a pretrial hearing this week focused on claims by former employee Richard Jacobs that Uber had a special unit within its security team that tried to obtain programming code and other trade secrets from rivals.