Conviction in Uber data-breach trial sounds alarm bells for cybersecurity industry

MLex Market Insight

News

4.9 • 9 Ratings

🗓️ 11 October 2022

⏱️ 11 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

The conviction of Joe Sullivan, Uber’s former head of security, over his handling of a 2016 data breach has sent shockwaves through the tech industry. Sullivan was found guilty of obstructing a US Federal Trade Commission investigation into the breach and of failing to report a crime. The prosecution is believed to be the first of its kind in the US and has raised legal questions about how tech companies should respond to data breaches and what, if any, relationship they should have with hackers trying to extort a ransom in return for stolen data.

Transcript

Click on a timestamp to play from that location

0:00.0	Hello there. Welcome back to Emlex's podcast covering the top stories in regulatory affairs. My name is James Panicki. I'm a senior editor here at Emlex. and it's great to be with you again.
0:21.6	And we're hitting your feed early in the week for a wrap of the extraordinary conviction of Joseph Sullivan.
0:28.6	He is Uber's former security chief who had been charged with obstructing a US Federal Trade Commission investigation into a 2016 data breach. It has been a riveting case,
0:39.3	which has less to do with the data breach itself than it does with Sullivan's response to it.
0:45.3	The trial in California has also highlighted an interesting ethical dilemma about whether companies
0:51.3	should negotiate with hackers, how transparent that process should be,
0:55.6	and also the role of non-disclosure agreements in all of this.
0:59.6	The guilty verdict also appears to mark the first time that a company executive
1:04.3	has been criminally prosecuted for charges relating to a data breach,
1:08.9	something that has sent shockwaves through the tech industry,
1:12.5	not surprisingly. To cover the case, MLEX has relied on data privacy and security reporter Jen
1:18.5	Bryce, senior data privacy and security correspondent Amy Miller, and senior correspondent covering
1:24.4	privacy and future mobility, Shu Wan. All three reporters join me now from
1:29.6	San Francisco. And Amy, let's start from the very beginning here. What was the DOJ's argument?
1:37.2	Well, Joseph Sullivan's troubles began in November 2016, when Uber suffered a data breach that
1:42.9	compromised personal information of more than 57 million
1:46.1	users, including drivers and passengers. But Uber, specifically Sullivan, didn't disclose the breach
1:53.2	until November 2017 when its current CEO took over and fired Sullivan for not telling him about
2:00.3	the breach. So Uber ended up paying $148 million
2:03.8	to settle with state AGs across the United States for violating their state data breach disclosure
2:09.7	laws. But Sullivan wasn't convicted over the delayed reporting. According to the DOJ,
2:15.7	Sullivan covered up this breach by paying the hackers $100,000 through the company's bug bounty program.
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from MLex Market Insight, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of MLex Market Insight and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.