Uber's former security chief was found guilty by a federal jury for covering up a data hack to regulators

• Uber's former security chief Joe Sullivan has been charged with hiding a data breach from federal authorities.
• Sullivan claimed the data breach was part of a program for finding security gaps in Uber's system.

Uber's former security chief, Joe Sullivan, was found guilty on Wednesday of failing to disclose a breach that compromised millions of Uber's customer and driver records to the Federal Trade Commission, according to The New York Times.

The verdict — guilty on both obstructing an FTC investigation and "misprison" (failing to conceal a felony) — marks the first time a corporate executive has been found guilty of a crime that revolves around hacking, the Times reported.

In 2016, a group of hackers downloaded the personal information of 57 million Uber customers and drivers and had ordered the company to pay them $100,000 in exchange for the information.

Sullivan paid the hackers under the guise of Uber's bug bounty program— a company initiative that paid "white hat" hackers to hack the company's records for security vulnerabilities, the Times reported.

The incident remained under wraps until Dara Khosrowshahi was appointed CEO in 2017.

At the time of the hack, the Federal Trade Commission was already investigating an earlier data breach from 2014. Sullivan, knowing that disclosing the latter breach would prolong the FTC's investigation, did not reveal the breach to Uber's general counsel, according to court documents.

However, Sullivan did disclose the incident to one Uber lawyer, Craig Clark. Both Sullivan and Clark were eventually fired by Khosrowshahi.

Clark testified against Sullivan in exchange for immunity.

Sullivan's lawyers claimed that he was simply "doing his job," the Times reported.