Uber’s Former Security Chief Charged With Trying to Conceal Hack Using Bitcoin
A former Uber executive is charged in connection with the company’s botched attempt to cover up its massive 2016 security breach with six-figure bitcoin payments and hacker-facing NDAs.
Joseph Sullivan, who served as the ride-hailing giant's chief security officer until late 2017, faces obstruction of justice and other felony charges outlined in a criminal complaint filed Thursday in San Francisco Federal District Court.
Sullivan allegedly orchestrated a cover-up operation that tried to keep Uber's sprawling 2016 data breach of 57 million riders' and drivers' information under wraps, prosecutors say.
Uber attempted to buy two hackers' silence with $100,000 in bitcoin siphoned from its "bug bounty" program, according to the complaint. In addition, Sullivan allegedly insisted the hackers sign non-disclosure agreements (NDA).
The hackers got their bitcoin in December 2016 but refused to disclose their identities or sign the NDAs until Sullivan allegedly "dispatched security staff" to hunt them down, according to the indictment. Prosecutors allege Sullivan neglected to tell the Federal Trade Commission about the hack.