Uber’s former security chief Joseph Sullivan has been accused of covering up a security breach that exposed personal data of millions of passengers and drivers. The company was also accused of paying the hackers a ransom of $100,000 to delete the data they had stolen.
The 52-year-old security officer was charged with obstruction of justice in the US. The charge details that Sullivan had deliberately taken steps to cover up the breach and hide it from the Federal Trade Commission (FTC). He was also accused of approving the ransom payment to the hackers in bitcoin.
This payment was disguised as a “bug bounty” for cybersecurity researchers who discover bugs or vulnerabilities in software. The hackers were reportedly asked to sign agreements falsely stating that they did not steal any data.
US lawyer David Anderson expressed disappointment on the matter saying:
Silicon Valley is not the Wild West. We expect good corporate citizenship. We expect prompt reporting of criminal conduct. We expect co-operation with our investigations. We will not tolerate corporate cover-ups.
A spokesperson for Sullivan denied the charges and defended his actions:
If not for Mr Sullivan’s and his team’s efforts, it’s likely that the individuals responsible for this incident never would have been identified at all.
The data breach was disclosed by CEO Dara Khosrowshahi and Sullivan was fired soon afterward. He is currently working as a security officer in the cybersecurity firm Cloudflare.
Uber ended up paying $148 million to settle legal claims from 50 American states.