Former Uber security chief convicted for concealing a felony
Thursday, October 6, 2022
The court also heard that internal legal advice had suggested that there was no need to disclose the hack if the attackers were identified, and agreed to delete the data and not spread it further.
Responding to the judgement, Dr Ilia Kolochenko, founder of ImmuniWeb, and a member of Europol Data Protection Experts Network, wrote, "The Uber case is just another illustrative example of the unfolding global trend to hold cyber-security executives accountable for their companies' data breaches.
"Serious misconduct, such as deliberate concealment of a data breach despite the regulatory requirement to report the breach to mitigate harm, may even entail criminal sanctions."
Dr Kolochenko said cyber-security executives should urgently check that their employment contracts address issues such as coverage of legal fees in case of a civil lawsuit or prosecution in relation to their professional responsibilities. The contracts should also contain a guarantee that their employer will not sue them - as victimised companies may also do this in case of security incidents, she added. Read Full Article