Ex-Chief of Security Faces Criminal Liability for Uber Data Breach
September 15, 2022
Joe Sullivan was a rock star in the information security world. One of the first federal prosecutors to work on cybercrime cases in the late 1990s, he eventually took on high-profile roles as chief of security at Facebook and Uber. It came as a shock to many in the community when Sullivan was fired by Uber in 2017, accused of mishandling a security incident the year before. In 2020, he was charged with two felonies in what is believed to be the first time a company executive has faced potential criminal liability for an alleged data breach. Sullivan has pleaded not guilty to the charges, and his trial has divided the security industry.
Several chief security information officers have expressed concern that he was the only one held accountable at Uber, given that the call on whether a company reports a data breach is usually decided by the legal department and the chief executive. If Sullivan is convicted, CISCOs worry that the outcome could set a precedent as to who is at fault for a data breach, and they could be left holding the bag. Because Legal Ops works so closely with corporate Infosec departments, and privacy laws have increased the legal actions around data breaches, this is definitely a story to watch.
Critical intelligence for general counsel
Stay on top of the latest news, solutions and best practices by reading Daily Updates from Today's General Counsel.
Daily Updates
Sign up for our free daily newsletter for the latest news and business legal developments.