The chief executive of the ride-sharing company said in court on Friday that he had fired Joe Sullivan because he could no longer trust him.
Mr. Khosrowshahi said he couldn't trust Mr. Sullivan's judgement anymore. I didn't think the decision not to tell was the right one.
The star witness at Mr. Sullivan's trial was Mr. Khosrowshahi. The lawyers for Mr. Sullivan argue that the management team unfairly targeted him as they worked to change the company's image.
He fired Mr. Sullivan because he lied to him. The incident was reported to regulators because it was in the best interests of the public.
Daily business updates The latest coverage of business, markets and the economy, sent by email each weekday.According to experts, the outcome of the trial could change how security incidents are handled. Mr. Sullivan is believed to be the first company executive to face criminal prosecution for their response to a data breech.
The hack was discovered in 2016 while the FTC was investigating a previous hack. A hacker sent an email to Mr. Sullivan saying that he had found a major security vulnerability in the online systems of the company.
According to court testimony and documents, Mr. Sullivan learned that the hacker had downloaded a database containing the personal data of about 600,000 drivers.
A common method of paying security researchers to identify and report security vulnerabilities is the bug bounty program. The hackers were paid $100,000 and had non-disclosure agreements signed.
The F.T.C. was not made aware of the incident until after Mr. Khosrowshahi took over as CEO. Two people plead guilty to hacking.
If a certain number of users are affected by a security breach, most states require the company to report it. There isn't a federal law that requires companies or executives to tell regulators if they break the law.
The company was under investigation by the F.T.C. when Mr. Sullivan was accused of concealing a felony.
Whitney Merrill, a security and privacy professional and lawyer who used to work at F.T.C., said a lot of people are scared about prosecuting Joe Sullivan. I think this is a lesson for any high level official who has to communicate with the government, that they can't treat it like it's unimportant.
He asked Mr. Sullivan to give more information over email after learning about the data hack.
According to court testimony and documents, Mr. Sullivan sent an email to Mr. The email did not say that the hackers had downloaded personal information about drivers and riders.
The email did not tell him that Mr. Sullivan and his team had paid $100,000 to the hackers for their work.
He said on the stand that the incident had to be disclosed to regulators. If there is an obligation for disclosure, you have to. The people are affected by this.
A hacker announced their presence in the company's workplace messaging system on Thursday. The hacker claimed to have access to the company's internal systems. The corporate systems were shut down on Thursday evening as the company investigated the extent of the incident.
There was no evidence that the hacker had access to sensitive user data, according to the company. The company said all of its services were working.
Kate Conger worked on the report.