Uber‘s former chief safety officer Joseph Sullivan was charged with protecting up a 2016 knowledge breach that comprised the non-public data of 57 million drivers and customers.
Relatively than report the breach to the Federal Commerce Fee, which was investigating an earlier hack on the firm, Sullivan paid the hackers $100,000 in Bitcoin, in accordance with a press release Thursday from U.S. Lawyer David L. Anderson in San Francisco. Sullivan is charged with obstruction of justice and failing to report his information of a felony.
“Silicon Valley shouldn’t be the Wild West,” Anderson mentioned within the assertion. “We anticipate good company citizenship. We anticipate immediate reporting of felony conduct. We anticipate cooperation with our investigations. We is not going to tolerate company cover-ups. We is not going to tolerate unlawful hush-money funds.”
A spokesperson for Sullivan mentioned there’s no benefit to the fees.
“This case facilities on a knowledge safety investigation at Uber by a big, cross-functional workforce made up of a few of the world’s foremost safety consultants, Mr. Sullivan included,” Bradford Williams mentioned in an e mail. “If not for Mr. Sullivan’s and his workforce’s efforts, it’s seemingly that the people liable for this incident by no means would have been recognized in any respect.”
Sullivan, 52, joined Uber in 2015. He began his profession as a federal prosecutor in pc hacking and mental property legislation. He’s been a quiet fixture of Silicon Valley for greater than a decade, with stints at PayPal and EBay Inc. earlier than changing into the chief safety officer at Fb in 2008.
The U.S. legal professional’s workplace didn’t instantly reply to a request for details about who’s representing Sullivan within the felony case.
”We proceed to cooperate absolutely with the Division of Justice’s investigation,” an Uber spokesperson mentioned in a press release. “Our determination in 2017 to reveal the incident was not solely the best factor to do, it embodies the ideas by which we’re operating our enterprise immediately: transparency, integrity, and accountability.”
Sullivan was contacted by one of many hackers in November 2016, about 10 days after he had given testimony in an FTC inquiry about Uber’s cyber safety associated to a 2014 knowledge breach, in accordance with the U.S. legal professional’s assertion. He didn’t disclose the brand new hack to the FTC and sought to repay the hackers by a bounty program that rewards “white hat” hackers who let an organization find out about safety flaws with out stealing knowledge.
The 2 hackers behind the 2016 breach pleaded responsible final 12 months to pc fraud conspiracy costs. They each focused and hacked different expertise corporations after Sullivan did not alert legislation enforcement concerning the 2016 Uber hack, in accordance with Anderson’s assertion.
Williams mentioned in his assertion that Sullivan and his workforce collaborated intently with others at Uber and adopted written insurance policies.
“These insurance policies made clear that Uber’s authorized division — and never Mr. Sullivan or his group — was liable for deciding whether or not, and to whom, the matter ought to be disclosed,” in accordance with the assertion.
Extra must-read tech protection from Fortune:
‘It’s clicks versus bricks’: Why tech shares gained’t be fading anytime quickly
Samsung Observe20 Extremely assessment: Why this massive telephone works for the COVID period
Fb and NYU researchers uncover a technique to velocity up MRI scans
The U.S. Postal Service is looking for a patent for voting by telephone
Electrical-vehicle startup Canoo to go public, becoming a member of the wave of corporations chasing Tesla’s success