On Wednesday, Oct. 5, 2022, Joe Sullivan, former chief security officer for Uber, was convicted on federal charges related to a ransom payment he authorized following a 2016 security breach. Sullivan was convicted of obstructing justice for concealing the breach from the Federal Trade Commission (“FTC”). The breach occurred when the FTC was reviewing Uber’s privacy practices.
What does this mean for me?
This is the first criminal case against a corporate officer for a data breach caused by a third party. Ransomware payments appear to be on the rise and have grave implications for firms and executives. Before paying a ransom, it is important to understand the legal and disclosure requirements, which are evolving.
The U.S. Securities and Exchange Commission (SEC) is pushing for more disclosure regarding incidents and breaches, specifically in the cyber rule that was proposed earlier in 2022, which was recently reopened for comment. The rule has not yet passed, but firms should remain aware of what the SEC expects regarding disclosure.
Fairview® Cyber assists clients with creating customized incident response plans. We offer comprehensive cyber and data security solutions for businesses focused on protecting client data. Contact us today to learn more.