Former Uber CISO Convicted: What, How & Why?

Date: 11 October 2022

Featured Image

Uber Technologies’ former CISO, Joseph Sullivan, has been convicted of federal charges for covering up a 2016 data breach in which the personal information of 57 million Uber users  was stolen. A United States Federal Jury has found Sullivan guilty of obstructing the proceedings of the Federal Trade Commission (FTC).  Apparently, Sullivan, then in-charge of security operations and cyber security at the company, spearheaded the scheme in which Uber paid hackers $100,000 through its bug bounty program to not release the data and stay silent on the attack. The hack was disclosed in 2017 when the new Uber CEO, Dara Khosrowshahi, stepped into his new role.

The reason why this conviction is a watershed moment in cybersecurity history is not because CISOs aren’t often made the scapegoat for security incidents. But it is usually limited to them being publicly blamed or fired for such incidents. This is believed to be the first time that a CISO of a major U.S company has been convicted for a data breach and its ensuing cover-up.   

Did the CISO’s job just become tougher than it already is? The spotlight on the former Uber CISO’s conviction definitely seems to say so. The pressure is on and the message is clear - executive due diligence is of paramount importance where cybersecurity is concerned. 

The more important lesson here? Cyber-attacks happen to everyone and all the time. The real cincher lies in how you respond to them, record the events and report the incident. If this event has taught us anything it is this - Incident Response Handling has never been as critical to business continuity and brand perception as it is today. 

New call-to-action

In the below table, we capture some of the major news stories around this massive moment in global cybersecurity. The idea of creating this resource is strictly educational. We, at Cyber Management Alliance, do not take any responsibility for the veracity of the facts mentioned in any of the news stories. We have only collated some of the useful resources for anyone who wishes to educate themselves on how the events unfolded in the former Uber CISO’s conviction. 

Disclaimer: This document has been created with the sole purpose of encouraging discourse on the subject of cybersecurity and good security practices. Our intention is not to defame any company, person or legal entity. Every piece of information mentioned herein is based on reports and data freely available online. Cyber Management Alliance neither takes credit nor any responsibility for the accuracy of any source or information shared herein.

Comments/ Summary 

Source URL   

Former Uber security chief convicted of covering up a 2016 data breach 

Federal Jury Finds Joseph Sullivan Guilty of Obstruction of the Federal Trade Commission and Misprision of a Felony 

Uber Boss Testifies He ‘Could Not Trust’ Ex-Security Chief 

Uber names hackers behind breach 

Recent Uber data breach 

The majority of security professionals do not understand corporate structure and accountability. 

Former Uber security chief convicted for concealing a felony 

Former Uber CSO convicted for covering up massive 2016 data theft 

Ex-Uber security chief convicted of hiding hack from federal regulators 

What Uber’s Joe Sullivan Case Means For ‘Sacrificial CISOs’ 

Guilty verdict in the Uber breach case makes personal liability real for CISOs 

Cyber attorney on Uber case: ‘Sullivan should have been well aware of his obligation’ 

This is believed to be the first criminal prosecution of a company executive over the handling of a data breach. 

“I know a lot of people are freaking out about the Uber CISO verdict, but this verdict has little to do with being a CISO." 

“The risk is to make cybersecurity a toxic function that talented people avoid. Exactly the opposite of what we need." 

Whom should we sympathise with? 

Former Uber CISO Convicted 

Former Uber CISO Faces Prison Time For Mishandling Cyberattack 

Interesting Opinions on the Uber CISO Conviction

Jake Williams

Mark Dunkerley

Michael Meis

Andy Jenkinson

Rahul Sasi

Rinki Sethi




New call-to-action

Get Email Updates on our Latest News

Simply enter you details in the form below to subscribe:

  • Or call us on:
  • +44 (0) 203 189 1422