Appeals court affirms criminal conviction for corporate executive's inaccurate Federal Trade Commission data breach disclosures

Alert

A federal appeals court has affirmed the conviction of Uber's former Chief Information Security Officer, Joe Sullivan, for making inaccurate data breach disclosures to the Federal Trade Commission(FTC). In 2014, hackers stole data from Uber's network. The FTC launched an investigation into Uber's data security practices and response to the incident, and Sullivan provided the Commission with sworn testimony concerning Uber's cybersecurity posture. Ten days after his testimony, he learned of a second cyberattack that impacted the data of 57 million passengers and drivers. Sullivan negotiated a ransom payment to suppress the stolen data and convinced the hackers to sign nondisclosure agreements. Rather than disclose the breach to the FTC, Sullivan characterized the incident as a bug bounty program. Sullivan's charges focused on the failure to disclose the breach's true nature and his subsequent cover-up efforts. 

Indicting a corporate executive for mishandling a government investigation into a cyberattack is just one way the government is increasing pressure on businesses to comply with data privacy and security laws. Organizations that experience cybersecurity incidents should proceed with caution when responding to state and federal investigations to mitigate additional business risks and civil and criminal liability. 

Attorneys from McDonald Hopkins' national data privacy and cybersecurity practice group are available to counsel business organizations through state and federal investigations into cyberattacks.

Jump to Page

McDonald Hopkins uses cookies on our website to enhance user experience and analyze website traffic. Third parties may also use cookies in connection with our website for social media, advertising and analytics and other purposes. By continuing to browse our website, you agree to our use of cookies as detailed in our updated Privacy Policy and our Terms of Use.