A San Francisco jury has found Uber’s former chief security officer, Joe Sullivan, guilty of criminal obstruction for failing to report a 2016 cybersecurity incident to authorities.
Sullivan, who was fired from Uber in 2017, was found guilty on counts of obstruction of justice and deliberate concealment of felony, a spokesperson from the US justice department confirmed on Wednesday.
“Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission (FTC) and took steps to prevent the hackers from being caught,” said Stephanie Hinds, US attorney for the northern district of California.
The case was being watched as an important precedent regarding the culpability of individual security staffers and executives when handling cybersecurity incidents, a concern that has only grown at a time when reports of ransomware attacks have surged and cybersecurity insurance premiums have risen.
The breach took place in 2016, but Uber only disclosed it publicly a year later. Public disclosures of security breaches are required by law in many US states, with most regulations mandating that the notification be made “in the most expedient time possible and without unreasonable delay”.