A federal jury found Joseph Sullivan, the former chief security officer at Uber, guilty of obstructing the FTC from investigating a 2016 hack of the ride-sharing platform.
“Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission and took steps to prevent the hackers from being caught,” said U.S. Attorney Stephanie Hinds in a press release. “We will not tolerate concealment of important information from the public by corporate executives more interested in protecting their reputation and that of their employers than in protecting users. Where such conduct violates the federal law, it will be prosecuted.”
“The message in today’s guilty verdict is clear: companies storing their customers’ data have a responsibility to protect that data and do the right thing when breaches occur,” said FBI special agent Robert Tripp. “The FBI and our government partners will not allow rogue technology company executives to put American consumers’ personal information at risk for their own gain.”
Sullivan’s lawyers pushed back on the verdict. “Mr Sullivan’s sole focus — in this incident and throughout his distinguished career — has been ensuring the safety of people’s personal data on the internet,” said David Angeli, who represented Sullivan in court, according to Computing.
Sullivan was prosecuted over his role in a 2016 breach in which the data of 50 million users and seven million drivers was exposed, including names, email addresses, and phone numbers. Sullivan had only been on the job for a few months and assisted with an FTC investigation into a 2014 hack. However, the CSO attempted to hide the existence of the 2016 hack, telling employees that the information around it had to be “tightly controlled,” and paid the hackers $100,000 in bitcoin in exchange for them to sign non-disclosure agreements to not publicly speak about the security breach.
Uber fired Sullivan…