United States: In a case that linked prosecutors under the original leadership of Uber Technologies Inc. to a troubled past, the company's former security chief was found guilty of covering up a critical data breach.
A jury in San Francisco federal court rejected Joe Sullivan's argument that other executives at the riding giant knew about the 2016 hack and for it not been reported to regulators for more than a year. was convicted. Sullivan was found guilty on Wednesday.
Also Read: US Department of Defense banned DJI and BGI Genomicsin because of their ties with Chinese military
Testimony nearly four weeks into the trial covered topics such as cybersecurity management and the 2017 Uber shake-up, in which co-founder Travis Kalanick was fired as CEO due to a string of scandals.
Both the charges against Sullivan—obstructing an official investigation and concealing the theft of the personal information of 50 million customers and 7 million drivers—were found to be true.
Sullivan, a former federal prosecutor who oversaw security for Facebook, is well-known in Silicon Valley for his knowledge of the subject. He could face up to eight years in prison, although this is very unlikely.
Also Read: Donald Trump asks the US Supreme Court to get involved in the dispute over Mar-a-Lago records
"Despite the fact that we expressly disagree with the jury's decision, we respect his commitment to this case and his efforts. Mr. Sullivan's sole concern is the personal lives of people during this event and throughout his illustrious career." To ensure the security of data online, according to Sullivan's attorney David Angeli, "we will assess our options for the next days."
State and federal laws compel businesses to report data breaches immediately. Uber handled the 2016 attack on its servers poorly, which led the company to pay US$148 million to all 50 states as part of a settlement, the largest data breach payout in US history at the time. The Federal Trade Commission previously shut down Uber in 2014 for a comparable data breach.
According to US Attorney Stephanie Hinds for San Francisco, "Sullivan actively worked to hide the data breach from the Federal Trade Commission and took steps to prevent hackers from being caught." We will not put corporate executives with hiding important information from the public because they are more concerned with maintaining the reputation of themselves and their employers than protecting users.
Sullivan was accused of secretly setting up a "bug bounty" program that pays security researchers to spot vulnerabilities, in order to give Uber hackers $100,000 in bitcoin to remove data stolen from them. will pay. Both hackers in return agreed to keep the theft of their data a secret. Later, the hackers admitted their guilt for being involved in the incident.
The October 2016 hack was kept secret until November of the following year, nearly three months after new CEO Dara Khosrowshahi took over. At the same time, Sullivan was fired by him.
Khosrowshahi testified that he decided it was time to replace his security chief after discovering discrepancies in what had happened to Sullivan's account. "I can no longer trust his judgement," he said. Sullivan's defense was that Uber's legal team and other managers were aware of the incident before it was widely publicized.
Angeli denied the idea of a cover-up, citing Sullivan's extensive employee information sharing prior to Khosrowshahi joining the company. A text message that Sullivan sent Kalanick at 1.24 a.m., less than 12 hours after the breach, was shown to the jury.
Keep in mind that Mr. Kalanick is Uber's executive leader, Angeli said during the closing debate. Mr. Sullivan was unable to report this to higher-ups in the business.
Specifically, he claimed that Sullivan, who joined the company in 2015, was well aware of the need to disclose the breach, following Uber's talks with the FTC regarding the 2014 hack.
Also Read: Ukraine war: Russia's New round of nuclear threats
According to prosecutor Ben Kingsley, Sullivan did not want the details of the new hack to be made public because it would damage his reputation. Sullivan was believed to have improved security after an earlier breach.
Sullivan "prioritized his reputation and the reputation of the company over his obligations," he claimed, rather than disclose it. Sullivan and Kalanick did not testify. US v. Sullivan, 20-crore-00337, US District Court, Northern District of California, Case Pending (San Francisco).