News, Trends, and Insights for IT & Managed Services Providers
News, Trends, and Insights for IT & Managed Services Providers
Business of Tech | The Uber court ruling security pros need to know about

Joe Sullivan, the former Uber security chief, was found guilty on Wednesday by a jury in federal court on charges that he did not disclose a breach of customer and driver records to government regulators.   In 2016, while the Federal Trade Commission was investigating Uber over an earlier breach of its online systems, Mr. Sullivan learned of a new breach that affected the Uber accounts of more than 57 million riders and drivers.

The jury found Mr. Sullivan guilty on one count of obstructing the F.T.C.’s investigation and one count of misprision, or acting to conceal a felony from authorities.

That quoting the New York Times.  

And let’s also quote the Washington Post. 

Even without Sullivan’s job history, the trial would have been closely watched as the first major criminal case brought against a corporate executive over a breach by outsiders.

It also may be one of the last: In the five years since Sullivan was fired, payoffs to extortionists, including those who steal sensitive data, have become so routine that some security firms and insurance companies specialize in handling the transactions.

“This case will certainly make executives, incident responders and anybody else connected with deciding whether to pay or disclose ransom payments think a little harder about their legal obligations. And that’s not bad,” said Brett Callow, who researches ransomware at security firm Emsisoft. 

Most security professionals had been anticipating Sullivan’s acquittal, noting that he had kept the CEO and others who were not charged informed of what was happening. 

“Personal liability for corporate decisions with executive stakeholder input is a new territory that’s somewhat uncharted for security executives,” said Dave Shackleford, owner of Voodoo Security. “I fear it will lead to a lack of interest in our field, and increased skepticism about infosec overall.”

John Johnson, a “virtual” chief information security officer for multiple companies, agreed. “Your company leadership could make choices that can have very personal repercussions to you and your lifestyle,” he said. “Not saying everything Joe did was right or perfect, but we can’t bury our head and say it will never happen to us.”

Why do we care?

The first time a company executive faced criminal prosecution over a hack… and note, paying the ransom was the issue.   Sullivan is facing up to eight years in prison over this.     

If you’re playing virtual CISO for your companies… note that quote.  Other people’s choices can lead to personal ramifications for you in that role.  

This CISO, after keeping the other executives informed, was held personally liable despite buy-in from the rest of the leadership team.      Your virtual CISO job bears that same risk.      This case will shake up the norms around breaches, and it’s a big deal.    Anyone offering security services better get their lawyer on the phone.  

Choose your upgrade:

Get the full benefits of Business of Tech Plus

Insider Access

$12/month

Perfect for MSPs and ITSPs that want full interviews, early access, and ad-free listening

  • Programmatic Ad-free private podcast feedSame show, little interruptions
  • Channel Chatter previews1–2 topics with light insights
  • Early access to interview episodesHear it days before public release
  • Monthly Insider BriefTighter analysis you can share internally
  • Extra audio segmentsCut interviews, behind-the-scenes commentary, quick competitive notes
  • Become an Insider for $12/month

    Leadership Access

    $149/month

    Perfect for MSPs and Vendors that run a team and need the extended tactics, executive summaries, and weekly alignment brief

  • All Insider Access benefits plus . . .
  • Invite your teamIncludes access for 5 team members with option to add more
  • Vendor Strategy BriefsThe entire library, plus new analysis every month
  • Channel ChatterAll topics, full insights, complete vendor discussion + sentiment list
  • Quarterly State of the Channel Briefing
  • Monthly AMA submission priorityAsk Dave direct questions, and skip the line
  • Get the Leadership Edge for $149/month

    Vendor Partner

    $500/month

    Perfect for channel companies or vendors looking to deepen their engagement with the show.

  • All Leadership Access benefits plus . . .
  • Get highlighted as a show sponsor You'll get placement in the show notes, throughout the website, and on our dedicated sponsors page.
  • Enjoy regular shout outs You'll be featured in a rotating format during the show
  • Become a show sponsor for $500/month

    Search all stories