Legal Operations » Ex-Chief of Security Faces Criminal Liability for Uber Data Breach

Ex-Chief of Security Faces Criminal Liability for Uber Data Breach

internet-network-computer-security-vector-id1356945261 (1)

September 15, 2022

Joe Sullivan was a rock star in the information security world. One of the first federal prosecutors to work on cybercrime cases in the late 1990s, he eventually took on high-profile roles as chief of security at Facebook and Uber. It came as a shock to many in the community when Sullivan was fired by Uber in 2017, accused of mishandling a security incident the year before. In 2020, he was charged with two felonies in what is believed to be the first time a company executive has faced potential criminal liability for an alleged data breach. Sullivan has pleaded not guilty to the charges, and his trial has divided the security industry.

Several chief security information officers have expressed concern that he was the only one held accountable at Uber, given that the call on whether a company reports a data breach is usually decided by the legal department and the chief executive. If Sullivan is convicted, CISCOs worry that the outcome could set a precedent as to who is at fault for a data breach, and they could be left holding the bag. Because Legal Ops works so closely with corporate Infosec departments, and privacy laws have increased the legal actions around data breaches, this is definitely a story to watch.

Share this post:

Find this article interesting?

Sign up for more with a complimentary subscription to Today’s General Counsel magazine.