Former Uber CSO Found Guilty of Hiding Hack, Faces Up to Eight Years in Prison

Third-party records systems company creates problems for patients after likely ransomware attack, Oz gov't creates new law following Optus hack, CISA seeks to co-opt election conspiracy theories, more

Check out my latest CSO column that examines how CISA’s new strategic plan represents a new level of maturity for the cybersecurity agency.

Photo by Conny Schneider on Unsplash

In a case closely watched by cybersecurity chiefs across the country, a San Francisco jury has found Uber’s former chief security officer Joseph Sullivan guilty of criminal obstruction charges for failing to report a 2016 cyber intrusion to federal authorities.

Sullivan now faces a five-year sentence on the obstruction charge and as many as three years in prison on a second charge of failing to report a felony. Sullivan’s lawyers argued that their client had ultimately protected about 57 million Uber customer records in 2016 when they were accessed by an anonymous hacker who demanded a $100,000 payment. The money was eventually paid as a “bug bounty” by Mr. Sullivan’s team.

However, prosecutors argued that Mr. Sullivan covered up the payment by taking steps to prevent it from being reported to the Federal Trade Com…