Aug. 20 (UPI) -- Federal prosecutors have charged Uber's former chief security officer with paying hackers to cover up a 2016 data breach against the company.
Joseph Sullivan, 52, was charged Thursday with obstruction of justice and misprision, or concealment, of a felony for allegedly paying hackers $100,000 to hide the breach which affected about 57 million Uber users and drivers, the U.S. Department of Justice said.
After the breach, hackers contacted Sullivan by email demanding a six-figure payment in exchange for silence. They accessed and downloaded an Uber database containing personally identifying information including drivers' license numbers for about 600,000 Uber drivers.
The complaint states that in addition to paying off the hackers through a program that allows so-called "white hat" hackers to point out security issues within the company, Sullivan also attempted to have them sign non-disclosure agreements regarding the breach.
"The agreements contained a false representation that the hackers did not take or store any data," the Justice Department said. "When an Uber employee asked Sullivan about this false promise, Sullivan insisted that the language stay in the non-disclosure agreement."
The complaint further alleges that Sullivan deceived Uber's new management about the breach after the company hired a new CEO in 2017.
"Sullivan asked his team to prepare a summary of the incident, but after he received their draft summary, he edited it," the Justice Department said. "His edits removed details about the data that the hackers had taken and falsely stated that payment had been made only after the hackers had been identified."
Sullivan's initial appearance in federal court has not been scheduled.
The hackers were ultimately identified by Uber and prosecuted in the Northern District of California, where they each pleaded guilty to computer fraud charges last year.