Federal prosecutors charged Joe Sullivan, the former chief security officer for Uber, with crimes related to an alleged cover-up of the company's massive 2016 hack.
After hackers stole the personal information of nearly 60 million Uber drivers and customers, Sullivan is accused of arranging to pay the hackers $100,000 as if it was a bug bounty rather than an extortion demand. By disguising the nature of the payment, he allegedly concealed the breach from authorities and deceived Uber management about certain aspects of the breach when a new CEO took over in 2017.
“Silicon Valley is not the Wild West,” U.S. Attorney David L. Anderson told press. “We expect good corporate citizenship. We expect prompt reporting of criminal conduct. We expect cooperation with our investigations. We will not tolerate corporate cover-ups. We will not tolerate illegal hush money payments.”
A spokesperson for Sullivan described the case as having "no merit" and contested the alligations Sullivan acted without regard for the company or the law.
"From the outset, Mr. Sullivan and his team collaborated closely with legal, communications and other relevant teams at Uber, in accordance with the company’s written policies," wrote the spokesperson in a statement. "Those policies made clear that Uber’s legal department — and not Mr. Sullivan or his group — was responsible for deciding whether, and to whom, the matter should be disclosed."