A federal judge said that a former Uber Technologies Inc security chief must face wire fraud charges over his alleged role in trying to cover up a 2016 hack that exposed personal information of 57 million passengers and drivers.
The US Department of Justice in December added the three charges against Joseph Sullivan to an earlier indictment, saying he arranged to pay money to two hackers in exchange for their silence, while trying to conceal the hacking from passengers, drivers, and the US Federal Trade Commission.
US District Judge William Orrick in San Francisco rejected Sullivan‘s claim that prosecutors did not adequately allege he concealed the hacking to ensure that Uber drivers would not flee and would continue paying service fees.
“Those purported misrepresentations, though not made directly to Uber drivers, were part of a larger scheme to defraud them.”
Lawyers for Sullivan did not immediately respond to requests for comment. Sullivan also faces two obstruction charges.
The defendant was originally indicted in September 2020 and is believed to be the first corporate information security officer criminally charged with concealing a hack.
Sullivan arranged to pay the hackers $100,000 in bitcoin, and have them sign nondisclosure agreements that falsely stated they had not stolen data.
Uber had a bounty program designed to reward security researchers who report flaws, not to cover up data thefts.
Dara Khosrowshahi, Uber’s current chief executive, fired Sullivan after learning the extent of the breach.
In September 2018, the San Francisco-based company paid $148 million to settle claims by all 50 US states and Washington, DC that it was too slow to reveal the hacking.