Security The Courts

Ex-Uber Security Chief Gets Probation for Concealing 2016 Data Breach (axios.com)

A judge sentenced Joe Sullivan, the former chief security officer at Uber, to three years' probation and 200 hours of community service on Thursday for covering up a 2016 cyberattack from authorities and obstructing a federal investigation. From a report: Sullivan's case is likely the first time a security executive has faced criminal charges for mishandling a data breach, and the response to Sullivan's case has split the cybersecurity community. In October, a jury found Sullivan guilty of obstructing an active FTC investigation into Uber's security practices and concealing a 2016 data breach that affected 50 million riders and drivers. Uber paid the hackers $100,000 to not release any stolen data and keep the attack quiet. Sullivan and his team routed the payment through the company's bug bounty program, which good-faith security researchers usually use to report flaws. The hack wasn't publicly disclosed until 2017, shortly after Dara Khosrowshahi stepped into the CEO role.

Khosrowshahi fired Sullivan in 2017, telling the jury last fall that he thought the decision to conceal the breach was "the wrong decision." Sullivan then joined Cloudflare as its chief security officer in 2018, and he stayed there until July 2022 when he stepped down to prepare for his trial. "If I have a similar case tomorrow, even if the defendant had the character of Pope Francis, they would be going to prison," Judge William Orrick said during the sentencing on Thursday. "When you go out and talk to your friends, to your CISOs, you tell them that you got a break not because of what you did, not even because of who you are, but because this was just such an unusual one-off," Orrick added.

  • by S_Stout ( 2725099 ) on Friday May 05, 2023 @10:59AM (#63499292)
    He is not going to jail because he is C suite.
    • He didn't go to jail because people don't go to jail for security breaches like this. Or can you find examples of where they have, something that meaningfully sets this case apart from the others?

    • by Anonymous Coward

      Sullivan is actually one of the good guys in tech. He was just a scapegoat being pinned for things his superiors wanted (in a wink-wink, nudge-nudge, kind of way). Yes he probably should have stood up to them but sometimes you feel forced to play the game.

      There is SO much crooked stuff that goes on behind closed doors people don't even know about. Much worse than this and nobody says jack shit because it's just business as usual.

  • Infuriating (Score:5, Interesting)

    by Fuzi719 ( 1107665 ) on Friday May 05, 2023 @12:01PM (#63499468)
    My Uber account was caught up in this mess. During this debacle, my account was hijacked by someone in Russia who was charging over $200US in rides to my credit card. I reported it to Uber security and they acted like *I* was the criminal. They were refusing to do anything, refusing to refund me, claiming they had proof that I had taken the rides (while I was home in the US, and have never been to Russia). I threatened to report to government and media, so Uber closed my account and banned me. I had to do a chargeback on my credit card. I recently tried to open a new Uber account and I am still blocked. Meanwhile, this a**hole gets a slap on the wrist for the coverup. F*** UBER!
