Uber’s former chief security officer has been convicted of failing to tell US authorities about a 2016 hack of the company’s databases.
A jury in San Francisco found Joe Sullivan – fired from Uber in 2017 – guilty of obstruction of justice and concealing a felony.
Increasingly, companies negotiate with ransomware hackers.
But investigators said they must “do the right thing” when their systems are breached.
The conviction is a dramatic reversal for Sullivan, who had at one point in his career prosecuted cyber-related crime for the San Francisco US attorney’s office.
After Sullivan’s conviction his lawyer, David Angeli, said “Mr Sullivan’s sole focus, in this incident and throughout his distinguished career, has been ensuring the safety of people’s personal data on the internet,” the Washington Post reported.
But prosecutors said the case was a warning to companies.
“We expect those companies to protect that data and to alert customers and appropriate authorities when such data is stolen by hackers,” US attorney Stephanie M Hinds said.
Ms Hinds accused Sullivan of working to hide the data breach from US regulator the Federal Trade Commission (FTC), adding he “took steps to prevent the hackers from being caught”.
