The former security chief of Uber Technologies Inc. has avoided jail time for concealing information about a large-scale identity theft that occurred in 2016.
Last Thursday, May 4, former Uber security chief Joe Sullivan was sentenced by a court decision to a three-year suspended sentence. Last year, he was convicted by a jury of acting to obstruct a government investigation and conceal information about the identity theft of 50 million customers and 7 million drivers.
Federal prosecutors asked U.S. District Judge William H. Orrick in San Francisco to impose a penalty in the form of imprisonment for 15 months.
The chief executive officer of Uber, Dara Khosrowshahi, became aware of the hacking, as a result of which confidential information was stolen, in November 2017. At the same time, the crime was committed in October 2016. The head of the company, having learned about the incident and the fact of its concealment, decided to dismiss Joe Sullivan.
The judge was urged not to send the former head of the security service to prison about 50 current and former heads of similar divisions of other companies, including Blackstone Inc., Netflix Inc., as well as the US government. They argue that harsh punishment, in this case, will become a dangerous precedent for professionals and firms who have to make decisions in emergencies.
The heads of security services also note that their work involves searching for the most balanced course of action in an environment where there are few clear rules and recommendations, and the overall level of regulation is very low. They stressed that there is no clear algorithm of behavior in the issue of disclosure of information about security-related incidents.
Djo Sullivan, a former federal prosecutor who previously headed Facebook’s security service before working at Uber, is known in Silicon Valley as an expert in the field of cybercrime protection.
Uber’s improper actions in the context of the attack on the company’s servers in 2016 caused the firm to pay compensation for $ 148 million. At that time, this incident was the largest data leak in the history of the United States. Earlier, Uber received a reprimand from the Federal Trade Commission for a similar happening in 2014.
The lawsuit focused on cybersecurity management, as well as a reshuffle at Uber in 2017 when a series of scandals led to the company’s co-founder Travis Kalanick stepping down as CEO. The jury did not recognize the defense’s counterarguments that other executives of the car rental giant knew about the 2016 hack and were also responsible for concealing information about it.
On the eve of sentencing, Djo Sullivan’s lawyer David Angeli said that in the context of a data leak and the reaction to it, the court is considering a short-term error, which, according to him, will be repeated with minimal probability and will not lead to proven harm, unlike life, the content of which is filled with hard work, volunteer activities, and achievements.
Prosecutors said the judge had received numerous letters about Joe Sullivan’s good deeds detailing his beneficence. In their opinion, these letters should be taken as proof that the person involved in the proceedings was well aware of how wrong his behavior was in the current situation.
The prosecutors also asked the judge to send a sentencing message to representatives of other corporations with good connections in the field of cybersecurity and other industries so that they would realize the significance and meaningfulness of punishment for failures like the 2016 incident.
The prosecutor’s statement in court stated that the example of Joe Sullivan is shocking for that a respected figure in his community is ready to resort to criminal practices, believing that there is no monitoring of these actions, and realizing that reputation is at stake.
As we have reported earlier, Uber Sells $400 Million Stake in Careem Super App Business.