Former Uber security chief charged with covering up 2016 hack

Joseph Sullivan has been charged with obstruction of justice.

ROBYN BECK via Getty Images

Federal prosecutors have charged Uber's former security chief, Joseph Sullivan, with obstruction of justice for attempting to hide the company's 2016 data breach from the Federal Trade Commission (FTC). The hack exposed the email addresses and phone numbers of 57 million Uber drivers and customers.

Instead of disclosing the breach to the FTC, which was investigating an earlier 2014 hack into Uber, Sullivan allegedly paid the culprits $100,000 in bitcoin. The Justice Department says the former executive tried to pay the hackers through Uber's bug bounty program. He also attempted to convince them to sign nondisclosure agreements. Uber later fired Sullivan in 2017 when the company's current CEO, Dara Khosrowshahi, found out about how he had handled the situation.

In addition to obstruction of justice, prosecutors charged Sullivan with failing to share knowledge of a felony. In total, he faces up to eight years in prison if convicted of both charges.

"We expect good corporate citizenship," said US Attorney David L. Anderson. "We expect prompt reporting of criminal conduct. We expect cooperation with our investigations. We will not tolerate corporate cover-ups. We will not tolerate illegal hush-money payments."

Bradford Williams, Sullivan's attorney, told The New York Times there's "no merit" to the charges. "If not for Mr. Sullivan's and his team's efforts, it's likely that the individuals responsible for this incident never would have been identified at all," he said. Williams added that Sullivan and his team worked closely with other Uber employees and followed the company's policies.

Meanwhile, a spokesperson for Uber told The New York Times it continues to cooperate with the Justice Department’s investigation into the 2016 hack. "Our decision in 2017 to disclose the incident was not only the right thing to do, it embodies the principles by which we are running our business today: transparency, integrity, and accountability," they said.

Sullivan may become the second former Uber employee to end up behind bars. At the start of August, Anthony Levandowski, the engineer at the center of the trade secret legal battle between Waymo and Uber, was sentenced to 18 months in prison.

Correction, 8/26/20 9:30AM ET: This story’s headline originally said that Sullivan was arrested; he was charged with obstruction of justice but was not placed under arrest. We apologize for the error.