Uber Ex-Security Chief Silently Paid Hackers $100,000 in Bitcoin in Hush Money
Uber Technologies’ former chief security officer was charged with covering up a data breach in 2016 that compromised the personal information of 57 million drivers and users. Ex-CSO Joseph Sullivan is charged with obstruction of justice and failing to report knowledge of a felony, according to a statement from US Attorney David L. Anderson in San Francisco.
Sullivan, 52, paid the hackers $100,000 in Bitcoin instead of reporting the breach to the Federal Trade Commission, which was investigating an earlier hack at the company, Bloomberg reported.
“Silicon Valley is not the Wild West,” Anderson said in the statement.
“We expect good corporate citizenship. We expect prompt reporting of criminal conduct. We expect cooperation with our investigations. We will not tolerate corporate cover-ups. We will not tolerate illegal hush-money payments.”
Sullivan, who joined Uber in 2015, previously worked at PayPal and eBay, and joined Facebook in 2008 as a chief security officer.
“We continue to cooperate fully with the Department of Justice’s investigation,” an Uber spokesperson said in a statement.
“Our decision in 2017 to disclose the incident was not only the right thing to do, it embodies the principles by which we are running our business today: transparency, integrity, and accountability.”
While companies hide hacks for fear of reputational damage, prosecutors say this was a thinly veiled cover-up in which Uber paid the hacker $100,000 as a ‘bug bounty,’ an unusually large sum compared with the nominal cap of $10,000, as per the complaint.
One of the hackers contacted Sullivan in late 2016 about the breach, which Uber made public only the following year. The two hackers responsible pleaded guilty last year to computer fraud conspiracy charges but, in the meantime, targeted and hacked other tech companies after Sullivan failed to alert law enforcement about the 2016 Uber hack.