Joe Sullivan, the former chief security officer at Uber, has been found guilty of covering up the massive 2016 cyber attack when a hacker downloaded the personal information of more than 57 million people.

This may be the first time a senior company executive faced criminal prosecution over a hack.

According to the Washington Post, Sullivan was convicted of federal charges “stemming from payments he quietly authorized to hackers who breached the ride-hailing company in 2016”.

Sullivan was found “guilty of obstructing justice for keeping the breach from the Federal Trade Commission (FTC) and of actively hiding a felony,” the report said late on Wednesday.

In July, Uber admitted that it covered up a massive data breach in 2016 that exposed data pertaining to approximately 57 million users and 600,000 drivers’ license numbers.

Buy Me A Coffee

Uber settled civil litigation with the attorneys general for all 50 states and the District of Columbia related to the 2016 data breach, paying $148 million and agreeing to implement a corporate integrity program.

On September 16, Khosrowshahi testified against Sullivan, saying, “He was my chief security officer, and I could not trust his judgment anymore.”

The ride-hailing platform has entered a non-prosecution agreement with federal prosecutors to resolve a criminal investigation into the coverup of the 2016 data breach.

The breach was not reported to the FTC until approximately a year later, when new executive leadership was managing the company, revealed the Justice Department.

EU Threatens to Penalise X over DSA Breach, Musk Alleges ‘Secret Deal’ Offer

In the latest hack by an 18-year-old hacker, the ride-hailing platform Uber said last month that no private information of its users was exposed in the data breach.

An 18-year-old hacker had broken into the internal systems of Uber, reaching company tools, including Amazon Web Services and Google Cloud Platform, and employees thought someone was playing a prank.

The hacker made himself known to Uber employees by posting a message on the company’s internal communication system Slack.