Uber’s former chief security officer was convicted on Wednesday for covering up a 2016 data breach in which hackers gained access to tens of millions of customer data from the ride-hailing service.
A federal jury in San Francisco convicted Joseph Sullivan for obstructing justice and hiding the knowledge that a federal crime had been committed, federal prosecutors said.
The lawsuit, followed closely in cybersecurity circles, is considered the first criminal case of a business executive for handling a data breach.
Joe Sullivan, sacked in 2017 for the incident, was found guilty by a San Francisco jury on Tuesday of obstructing a Federal Trade Commission investigation.
At the time of the breach in 2016, the regulator was investigating the car reservation service for another cybersecurity flaw that had occurred two years earlier.
Prosecutors said Sullivan had taken steps to ensure that the data compromised during the attack would not be disclosed.
According to court documents, two hackers approached Sullivan’s team to notify Uber of a security flaw that revealed the personal information of nearly 60 million drivers and motorcyclists on the platform.
The hackers, one of whom testified at the trial, rejected the company’s offer of $ 10,000 – the maximum payout under Uber’s “bug bounty” policy designed to encourage private disclosure of security breaches – and threatened to release the data if a higher paid cost has not been applied.
