On October 5, 2022, a federal jury in the Northern District of California convicted former Uber Chief Security Officer Joseph Sullivan of obstructing a federal proceeding and misprision of a felony for his role in deceiving management and the federal government to cover up a 2016 data breach that exposed personally identifiable information (“PII”) of approximately 57 million users, including approximately 600,000 drivers’ license numbers, of the ride-hailing service. Sullivan, a former federal prosecutor, appears to be the first corporate executive criminally prosecuted—let alone convicted—for his response to a data security incident perpetrated by criminals. Sullivan faces a maximum of five years in prison for the obstruction charge, and a maximum three years in prison for the misprision charge.
The Colonial Pipeline ransomware attack shone a spotlight on the importance and potential vulnerabilities of U.S. critical energy infrastructure. Join our panel of energy industry and cybersecurity thought leaders for a discussion of the threats targeting the industry today, the state of the law when it comes to safeguarding against cyberattacks, and what to expect from Congress and the Administration as calls for increased regulation intensify.
On October 11, 2019, the leaders of the U.S. Commodity Futures Trading Commission (CFTC), the Financial Crimes Enforcement Network (FinCEN) and the U.S. Securities and Exchange Commission (SEC) (together, the Agencies) issued a joint statement highlighting the application of anti-money laundering and countering the financing of terrorism (AML/CFT) obligations under the Bank Secrecy Act (BSA) to persons engaged in activities involving digital assets (Joint Statement). On the same day, the SEC filed an emergency action to halt a digital asset distribution, citing BSA/AML concerns.1