The Case of Uber's Ex-Security Chief Is a Divisive One

Data breaches that put consumer data at risk have become commonplace; this suit involving one such breach is anything but. Uber's former security chief, Joe Sullivan, goes on trial this week in US District Court in San Francisco in what's thought to be the first time an executive is facing criminal charges over a data breach. He's accused of obstructing justice and concealing a felony by not disclosing a 2016 hack. What you need to know:

• Sullivan is accused of covering up the breach, which compromised the data of 57 million Uber riders and drivers and wasn't shared with the public or regulators until Uber CEO Dara Khosrowshahi revealed it in November 2017. During that announcement, he also said that Sullivan had been fired.
• As part of the alleged cover-up, Sullivan is accused of trying to recast the hack as a part of Uber's "bug bounty" program, in which vulnerabilities in Uber's system could be reported for cash. But in this case, the hackers actually obtained personal info, which wasn't permitted under the program. They were reportedly paid a then-record $100,000, and allegedly told by Sullivan to sign an NDA that "falsely represented that the hackers had not obtained or stored any data during their intrusion," federal prosecutors allege, per the Guardian.

• Sullivan's trial "has divided the security industry," reports the New York Times, with other security chiefs wondering about the implications for themselves. If Sullivan is guilty, does that set a precedent that could put them in the crosshairs? Others are raising questions about why Sullivan is the only one in the hot seat, suggesting then-CEO Travis Kalanick and top lawyers would have known about the breach in 2016.
• The Times also gives some backstory on Sullivan, whom it describes as a "rock star in the information security world." He parlayed a career as a federal prosecutor focused on cybercrime into elite security jobs at big-name companies like Facebook, Uber, and Cloudflare. And, yes, "the same prosecutor's office where Mr. Sullivan had worked decades earlier" is the one that's prosecuting him now.
• As for the two sides' legal approaches, "Prosecutors and Uber are aligned in arguing that Sullivan was a rogue employee," reports Bloomberg. Sullivan alleges Khosrowshahi was trying to reel in a $9 billion investment deal with SoftBank, which learned about the hack and insisted it be disclosed; he alleges Khosrowshahi fired him to appease SoftBank.

(More Uber stories.)