Former Uber IT security manager, Joseph Sullivan, was found guilty on Wednesday of covering up a 2016 cyberattack that allowed hackers to get their hands on the personal data of approximately 57 million platform users.
According to the American press reporting the verdict, Sullivan faces several years in prison for not reporting the cyberattack to federal authorities at the time.
The trial has been closely followed in the cybersecurity community, who have considered the case a test of the vision that American justice has for the responsibilities and obligations for cybersecurity within companies.
The verdict “sets a significant precedent, which sends shockwaves in our community”, commented Casey Ellis, the founder of Bugcrowd, a Californian company specialising in cybersecurity.
“It shows the personal responsibility that IT security managers take,” he added. The entrepreneur would prefer that the United States better define the rules around the protection of data confidentiality, rather than reacting a posteriori.
- How Uber pressured politicians to get its way in Brussels
- Uber to add traditional taxi drivers to app in Brussels, but neglects existing riders
- Uber includes traditional taxis in its app from today
According to the indictment, Joe Sullivan, who was fired in November 2017, also arranged for the payment of a $100,000 ransom to the hackers behind the attack. The stolen data included names, email addresses and phone numbers of millions of passengers, as well as the names and driver’s licenses of some 600,000 drivers, according to Uber.
The case only came to light a year later, when the San Franicsco-based group reached an out-of-court settlement with prosecutors in 50 US states, including $148 million in compensation, in total, for delaying disclose the attack to the regulator as well as to the general public.