Ex-CSO Uber settled with hackers in bitcoins to hide information about hacking — US Department of Justice
The US Department of Justice announced charges were filed against former Uber chief security officer Joseph Sullivan for covering up the data breach of millions of Uber customers and drivers in 2016. According to the prosecution, he used bitcoin to buy off the hackers.
Sullivan served as Uber’s chief security officer from April 2015 to November 2017, according to a US Justice Department press release. At this time, he was contacted by email by two hackers who demanded a six-figure sum in exchange for silence. They had at their disposal the data of 57 million people from the Uber databases. Sullivan “took targeted measures to hide this information and to mislead the FTC.”
The company made a $ 100,000 payment in bitcoin in December 2016 through its bug search program. Sullivan, according to the prosecution, demanded that the hackers sign a non-disclosure agreement, although they did not give their real names. The agreements contained false information that they did not intrude into the company’s databases.
An Uber spokesperson told Forbes Crypto that they continue to work with the investigation. “Our decision in 2017 to disclose the incident was not only right, but also reflects the company’s commitment to its current principles of transparency, integrity and accountability.” In November 2017, Uber did publish a press release on behalf of its CEO with information about the hack.
The hackers were caught and pleaded guilty in October 2019. According to the prosecution, they continued to attack other tech companies after Sullivan decided not to report the incident to law enforcement. Now he faces up to five years in prison for obstruction of justice and up to three years for failure to report a crime.