![]() “These situations are highly charged and CSOs are under immense pressure,” Vance says. The hackers attempted to extort the company by threatening to publish the data they had stolen if they didn't receive payment. ![]() 10 days after providing this testimony, he learned of the new data breach. Among other things, Sullivan gave a sworn deposition to the FTC about the incident and steps Uber had since taken to improve its digital security practices. When Sullivan learned about the 2016 hack, he was already working with the FTC on its ongoing investigation into another, unrelated 2014 Uber data breach. The delayed notification in itself isn't what brought Sullivan into the Justice Department's crosshairs, though. In 2018, Uber paid $148 million to settle with attorneys general across the United States for violating state data breach disclosure laws. The rideshare giant didn't disclose the breach until November 2017, when its current chief executive officer, Dara Khosrowshahi, took over and fired Sullivan along with a company lawyer, Craig Clark. Sullivan’s trouble goes back to November 2016, when Uber suffered a data breach that compromised personal information of more than 57 million users, including drivers and passengers. ![]() But the United States Department of Justice is positioning the case as an opportunity to set guardrails around what behavior is-and isn't-acceptable in the fraught balancing act of corporate breach response. Many now worry that Sullivan's conviction will make the already daunting role even less appealing to top talent. It is all but inevitable that companies will suffer hacks and breaches, and CSOs preside over the aftermath. As alarming as Sullivan's conviction may be to some, gauging the fallout for security executives is anything but straightforward.Ĭhief security officers are sometimes wryly referred to as “chief scapegoat officers” or “chief sacrificial officers,” because the practical challenges of securing massive organizations are so great. ![]() The case has reverberated through the security and tech worlds because it is seemingly the first time that an individual executive has faced criminal prosecution for charges related to a data breach against the executive's company. Uber's Former chief security officer, Joe Sullivan, was found guilty this week of actively hiding a data breach from the US Federal Trade Commission (FTC) and concealing a felony. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |