Criminal Liability Risks from Cybersecurity Attacks – Even for Victims

In September 2020, Joseph Sullivan, the former Chief Security Officer of Uber, was indicted on cybersecurity-related offenses. However, he was not indicted because he was a hacker or because he stole data; rather, he was indicted and faces a prison sentence because he learned that Uber had been hacked and he failed to disclose it.

In this episode of our Enforcement and Investigations Updates podcast series, Government Enforcement and Compliance Group leader Diana Lloyd is joined by partner Adam Bookbinder, former Assistant U.S. Attorney for the District of Massachusetts and chief of its Cybercrime Unit, to discuss why this case raises new risks for corporate leaders and how they should properly address and disclose cybersecurity incidents.