Former Uber IT security chief Joseph Sullivan was found guilty Wednesday of covering up a 2016 computer attack that allowed hackers to get their hands on the personal data of about 57 million platform users. According to the US press reporting the verdict, Joseph Sullivan faces several years in prison for not reporting the cyber attack to federal authorities at the time.
The trial is closely followed in the cyber security community because it is seen as a test of the vision of the responsibilities and duties of those responsible for this area within the US judiciary.
read more: “Companies downplay cyber risks and deny them even when we repeatedly contact them”
A “Personal Responsibility”
The ruling “sets a significant precedent that sends a shock wave through our community,” said Casey Ellis, founder of Bugcrowd, a California firm specializing in cyber security. “It shows the personal responsibility that IT security managers take,” he said. Rather than reacting after the fact, entrepreneurs prefer that the US better define the rules to protect data privacy.
According to the indictment, Joe Sullivan, who was fired in November 2017, also arranged for a $100,000 ransom to be paid to the hackers behind the attack. The stolen data included the names, email addresses and phone numbers of millions of passengers, as well as the names and driver’s licenses of about 600,000 drivers, Uber said.
Almost $150 million in compensation
A year later, the San Francisco-based group reached an out-of-court settlement with prosecutors in 50 US states, including a total of $148 million in damages, for delaying the attack on the regulator. As well as the general public.
read more: Protecting our critical infrastructure from cyber attacks is a major challenge
In 2018, France fined Uber 400,000 euros for covering up a hack. The Netherlands and the United Kingdom have fined the company.
Two hackers behind the cyberattack, identified by US authorities, were arrested and pleaded guilty to extortion before a federal judge in California in 2019. Uber did not respond to AFP’s request.