Uber’s former safety chief Joe Sullivan is not going to be going to jail for masking up a knowledge breach that affected over 50 million Uber drivers and customers of the rideshare service. Last 12 months, a jury discovered Sullivan responsible of obstructing an energetic FTC investigation, in addition to discovering him responsible of getting hid the 2016 Uber knowledge breach, however a choose has sentenced Sullivan to a few years’ probation and 200 hours of group service, as Axios experiences.
In case you missed it:
While Sullivan is not going to be going to jail for masking up the information breach, Axios notes that Sullivan’s conviction and punishment are doubtless the primary time a chief data safety officer (CISO) has confronted prison fees for “mishandling a data breach.” But the time period “mishandled” is considerably of an understatement, which makes the following probation appear a bit delicate.
Sullivan not solely hid the information breach, but in addition handed over $100,000 to the hackers to be able to preserve the breach quiet. Sullivan and his staff funneled the fee by Uber’s bug bounty program.
The general case is one thing of a landmark that would set up a precedent for cybersecurity within the U.S. going ahead. That’s doubtless why the choose who sentenced Sullivan acquired 186 letters in protection of the previous Uber safety chief, together with a letter from former Uber CEO Travis Kalanick. Some of the opposite letters had been from CISOs who had been afraid that Sullivan doing jail time might imply jail time for them, too.
The Uber knowledge breach occurred in 2016 underneath Kalanick’s tenure, but it surely wasn’t publicly disclosed till the next 12 months, in 2017. That similar 12 months, Kalanick resigned and Dara Khosrowshahi grew to become the subsequent Uber CEO. Khosrowshahi fired Sullivan in 2017, and would later testify that he thought masking up the information breach was “the wrong decision.”
Sullivan nonetheless went on to steer the cybersecurity staff at Cloudflare from 2018 by 2022, solely stepping down as — I can’t emphasize this sufficient — chief safety officer to organize for trial on a cybersecurity crime. Prosecutors requested the courtroom to condemn Sullivan to fifteen months of jail time, however Sullivan received 3 years’ probation and 200 hours of group service. Who is aware of, perhaps Sullivan will educate cybersecurity or ethics lessons as a part of his court-mandated service.
Source: jalopnik.com