Uber Executive’s Conviction Puts Spotlight on Secrecy About Hacking

Ambiguous laws, attorney-client privilege can stymie transparency when companies get breached. 

Joe Sullivan, the former head of security at Uber, leaves court in San Francisco on Friday, Sept. 16, 2022.

Photographer: Jim Wilson/New York Times News Service

The conviction of Uber Technologies Inc.’s former security chief on Oct. 5 has raised the specter that a high-profile criminal charge and newly expanded federal rules may force companies to be more transparent when it comes to reporting cybersecurity breaches. But that new path forward runs up against a stubborn history of secrecy, according to industry data and interviews with security experts.

A lack of corporate transparency around hacking manifests in several ways, from companies issuing minimal, often vague, public statements to hiring cybersecurity investigators through law firms, which can attach attorney-client privilege. Companies may also not want to disclose breaches because doing so could damage their reputation.