By Robert McMillan

Uber Technologies Inc.'s former chief security officer, Joe Sullivan, was charged Thursday for allegedly concealing from federal authorities details about the massive data breach the ride-hailing giant suffered in 2016.

Mr. Sullivan, a former federal prosecutor who is now chief security officer at internet services company Cloudflare Inc., was fired by Uber in 2017 for his role in the data breach, which affected 57 million accounts.

At the time, Uber said Mr. Sullivan paid $100,000 to hackers via the company's bug bounty program, in an effort to conceal the breach.

Mr. Sullivan was charged in San Francisco on charges of obstruction of justice and failing to report a crime, the Department of Justice said in a press release.

A spokesman for Mr. Sullivan said that there was no merit to the charges. "From the outset, Mr. Sullivan and his team collaborated closely with legal, communications and other relevant teams at Uber," the spokesman said in a statement. "Those policies made clear that Uber's legal department -- and not Mr. Sullivan or his group -- was responsible for deciding whether, and to whom, the matter should be disclosed."

Uber has said the hack exposed the names, emails and phone numbers of millions of riders, and about 600,000 drivers' license numbers. The company, when it disclosed the hack, said financial information such as credit cards and Social Security numbers weren't taken and that it had identified the hackers and obtained assurances they had destroyed the stolen data.

Uber continues to cooperate fully with the Department of Justice's investigation, an Uber spokesman said in an emailed statement.

The hack prompted a wave of departures at Uber's security team.

Cloudflare's chief executive, Matthew Prince, said on Twitter that he hoped the matter would be resolved quickly.

Write to Robert McMillan at Robert.Mcmillan@wsj.com