Uber’s former security boss found guilty of criminal obstruction over data hack
Uber’s former head of security has been found guilty of criminal obstruction for failing to tell US authorities about a 2016 database hack.
The breach impacted 57 million Uber records and 600,000 driving-licence numbers, and led to former top dog Joe Sullivan to be fired in 2017.
The San Francisco jury convicted Sullivan this week of having knowledge of but failing to report the incident to the appropriate government authorities.
The FTC were already investigating Uber following a 2014 hack, and US attorney Stephanie M Hinds accused Sullivan of taking steps to “prevent the hackers from being caught”.
The US Department of Justice said the executive arranged for the hackers to be paid $100,000 (£89,000) in bitcoin to sign a non-disclosure agreement about the hack to keep it secret.
Prosecutors said the case should act as a warning to other companies, and represents an important precedent for the culpability for staff when handling cybersecurity incidents.
“We expect those companies to protect that data and to alert customers and appropriate authorities when such data is stolen by hackers,”
Sullivan hasn’t been sentenced, and could appeal.
According to The Washington Post, Sullivan’s lawyer David Angeli said after the ruling: “Mr Sullivan’s sole focus, in this incident and throughout his distinguished career, has been ensuring the safety of people’s personal data on the internet”.
The FTC said: “The court’s decision affirms that hiding serious breaches of data from the FTC will not be tolerated and makes clear that big tech executives are not above the law.”
Uber and Angeli were not immediately available for further comment.