Former Uber's Head Of Security Sentenced Touran Data
JAKARTA - Former Uber's head of security, Joe Sullivan, has been found guilty by a jury in San Francisco, United States (US) of criminal acts for failing to report a 2016 cybersecurity incident to authorities.
He is guilty of hiding a massive data breach from the Federal Trade Commission (FTC) that has investigated the ride-sharing company for a different violation.
With this decision, Sullivan is likely to be the first executive to be criminally charged for hacking.
The jury, consisting of six men and six women, negotiated for 19 hours. They found Sullivan guilty on one charge of obstructing the FTC investigation. As well as one other charge, he acted to hide the crime from the authorities.
"Sullivan is working to hide data breaches from the Federal Trade Commission (FTC) and is taking steps to prevent hackers from being arrested," said lawyers for California's northern district, USA, Stephanie Hinds.
Sullivan declined to comment, but one of his lawyers, David Angeli, said his party did not approve of the decision.
"While we clearly disagree with the jury's decision, we appreciate their dedication and efforts in this case," Angeli said.
" Sullivan's only focus on this incident and throughout his famous career, he has ensured the security of people's personal data on the Internet."
This case began when Sullivan first learned of a second data breach affecting the data of 57 million passengers and drivers, he disguised illegal activities by paying hackers through an Uber bug reward program.
The breach occurred in 2016, but Uber only revealed it to the public a year later. Public disclosures of security breaches are required by legislation in many US states, with most regulations mandate that notifications are made in the most appropriate and without unnatural delays.
At the time, Uber coordinated with HackerOne, a security company that is widely used if there are problems urging executives like Sullivan to look into it.
Sullivan uses the bounty HackerOne bug program as a way to avoid hacking disclosures. However, Sullivan's doing this could change the way all companies manage data breaches in the future.
Uber did not comment, but in a blog post, Uber CEO Dara Khosrowshahi discussed how the company has updated security practices since the Sullivan case was revealed.
These efforts include consulting with external cybersecurity experts on how to restructure the Uber security team and how to implement a process to prevent leadership from making the same mistakes again.
While I cannot erase the past, I can commit on behalf of any Uber employee that we will learn from our mistakes. We changed the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers," wrote Khosrowshahi.