Uber's Former Security Chief Charged With Trying to Conceal Hack Using Bitcoin

Joseph Sullivan allegedly insisted the hackers sign NDAs in exchange for $100,000 in bitcoin hush money.

AccessTimeIconAug 21, 2020 at 5:50 p.m. UTC
Updated Sep 14, 2021 at 9:46 a.m. UTC

A former Uber executive is charged in connection with the company's botched attempt to cover up its massive 2016 security breach with six-figure bitcoin payments and hacker-facing NDAs.

  • Joseph Sullivan, who served as the ride-hailing giant's chief security officer until late 2017, faces obstruction of justice and other felony charges outlined in a criminal complaint filed Thursday in San Francisco Federal District Court.
  • Sullivan allegedly orchestrated a cover-up operation that tried to keep Uber's sprawling 2016 data breach of 57 million riders' and drivers' information under wraps, prosecutors say.
  • Uber attempted to buy two hackers' silence with $100,000 in bitcoin siphoned from its "bug bounty" program, according to the complaint. In addition, Sullivan allegedly insisted the hackers sign non-disclosure agreements (NDA).
  • The hackers got their bitcoin in December 2016 but refused to disclose their identities or sign the NDAs until Sullivan allegedly "dispatched security staff" to hunt them down, according to the indictment. Prosecutors allege Sullivan neglected to tell the Federal Trade Commission about the hack.

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.