Digital Media Center
Bryant-Denny Stadium, Gate 61
920 Paul Bryant Drive
Tuscaloosa, AL 35487-0370
(800) 654-4262

© 2024 Alabama Public Radio
Play Live Radio
Next Up:
0:00 0:00
Available On Air Stations
WHIL is off the air and WUAL is broadcasting on limited power. Engineers are aware and working on a solution.
Alabama Shakespeare Festival Enter for Joseph and the Amazing Technicolor Dreamcoat

Former Uber Security Chief Charged With Paying 'Hush Money' To Conceal Data Breach


Former top executive at Uber is accused of concealing a massive hack that exposed the data of 57 million drivers and passengers. He was fired and now faces criminal charges. NPR's tech correspondent Shannon Bond reports. And just to note here, Uber is an NPR financial supporter.

SHANNON BOND, BYLINE: When Joe Sullivan learned that hackers had stolen huge amounts of data from Uber back in 2016, he didn't tell regulators, law enforcement or the public. Instead, federal prosecutors allege Uber's chief security officer tried to hide it. Here's U.S. Attorney David Anderson, who filed the charges against Sullivan in federal court in Northern California.

DAVID ANDERSON: We expect prompt reporting of criminal conduct. We expect cooperation with our investigations. We will not tolerate corporate cover-ups. We will not tolerate illegal hush money payments.

BOND: To keep the incident under wraps, prosecutors say Sullivan arranged for Uber to pay the hackers $100,000. And he had them sign nondisclosure agreements saying falsely that they never stole any data. That payment was made through Uber's bug bounty program. Many tech companies have similar programs offering rewards to so-called white hat hackers that test their systems for vulnerabilities. But Anderson says this payment was not a bug bounty. It was a cover-up.

ANDERSON: The problem isn't with a legitimate bug bounty. The problem is that this hush money payment was not a bug bounty. That's the problem.

BOND: Uber did eventually disclose the breach and fire Sullivan but not until a year later. Two men pleaded guilty to the hack last year. Now Sullivan is charged with obstructing justice and concealing a felony. A spokesman for Sullivan says there's no merit to the charges. He says it was up to Uber's legal team to report the breach. Uber says it's cooperating with the investigation. If he's convicted, Sullivan could face up to eight years in prison and $500,000 in fines.

Shannon Bond, NPR News, San Francisco. Transcript provided by NPR, Copyright NPR.

Shannon Bond is a business correspondent at NPR, covering technology and how Silicon Valley's biggest companies are transforming how we live, work and communicate.
News from Alabama Public Radio is a public service in association with the University of Alabama. We depend on your help to keep our programming on the air and online. Please consider supporting the news you rely on with a donation today. Every contribution, no matter the size, propels our vital coverage. Thank you.