Uber’s former Chief Information Security Officer was sentenced for his part in covering up a data breach that impacted the data of over 50 million people. The former CISO, Joseph Sullivan, was sentenced to three years’ probation and 200 hours of community service, and was ordered to pay a $50,000 fine.
There had been arguments for a 15-month prison sentence. However, there were concerns that this could result in people not wanting to take on the role of CISO, or in delays in reporting breaches for fear of being prosecuted for mistakes. The judge nevertheless warned that, should cybersecurity bosses find themselves in the same situation, they would not be as fortunate.
2016 Data Breach
The breach in question occurred in 2016 and data belonging to 57 million customers and 600,000 drivers was exposed. Last October a jury found Sullivan guilty of two federal counts relating to the data breach.
Firstly, he was found to have actively concealed the breach from FTC officials who were coincidentally there investigating a breach from 2014. Sullivan was charged with deliberately withholding and concealing the 2016 breach.
The second count related to his attempt to cover up the leak and hide it from officials and Uber executives. He was found to have paid $100,000 to the hackers responsible to stop them from going public with the breach and made them sign an NDA.
Very few within Uber were aware of the severity of the breach, and it was only discovered because of the arrival of a new CEO, Dara Khosrowshahi, in August 2017. It was found that the former CEO and a few members of Uber’s legal team were the only ones fully aware of the significance of the breach. Once he was made aware, the new CEO decided to report the breach to the FTC, saying he felt Sullivan’s decision not to notify them was the wrong choice.