Ex-Uber security chief convicted of hiding hack from federal regulators



On Wednesday, a jury found former Uber security chief Joe Sullivan guilty of hiding a massive data breach from federal regulators who were already investigating the ride-share company for a different breach. With that verdict, Sullivan has likely become the first executive to be criminally prosecuted over a hack, The New York Times reported.

A jury of six men and six women started deliberating last Friday. After 19 hours, they decided that Sullivan was guilty on one count of obstructing the Federal Trade Commission’s investigation and “one count of misprision, or acting to conceal a felony from authorities,” according to the Times.

Sullivan’s legal team did not immediately provide comment for Ars, but one of his lawyers, David Angeli, told NYT how Sullivan received the verdict. “While we obviously disagree with the jury’s verdict, we appreciate their dedication and effort in this case,” Angeli told the paper. “Mr. Sullivan’s sole focus—in this incident and throughout his distinguished career—has been ensuring the safety of people’s personal data on the Internet.”

When Sullivan first learned of the second data breach, he disguised the illegal activity by paying the hackers through Uber’s bug bounty program. Uber had just announced the program in March 2016 in coordination with HackerOne, a widely used security firm whose company values urge executives like Sullivan to “default to disclosure” and ask “why keep this private?” instead of “why make this public?” It took less than a year for Sullivan to use HackerOne’s bug bounty program as a way to avoid disclosing a hack.

HackerOne did not immediately respond to Ars’ request for comment. [Update: A HackerOne spokesperson told Ars, “HackerOne has made the executive decision not to comment.”]

The Times report suggested that Sullivan’s conviction could change how all companies manage data breaches in the future.

Uber did not provide comment to NYT or Ars. Previously, an Uber spokesperson directed Ars to a blog post in which Uber CEO Dara Khosrowshahi discussed how the…
