Federal Bug Bounty Program

The federal government recently encouraged the equivalent of a bug bounty program, looking for individuals who are aware of cybersecurity vulnerabilities in companies that hold government data.

If you are aware of weak cybersecurity practices by a company that maintains government data, you may be able to file a claim under the False Claims Act (FCA). Cybersecurity whistleblowers who have exposed data security gaps and cybersecurity fraud have been rewarded with millions of dollars.

Know of a company putting government data at risk?

Speak with our attorneys for a free and confidential evaluation of your potential whistleblower claims.


Who Can File a Cybersecurity Whistleblower Claim?

Anyone. Most often, cybersecurity whistleblowers are information technology professionals, data privacy specialists, hackers, or even regular employees. However, this list is not exhaustive. You don’t need to be a company insider in order to file a claim seeking a monetary award.

If you think a company has insufficient data security, contact one of our lawyers.

Who Can Be Liable for These Claims?

Each year, thousands of companies contract with the government and are responsible for maintaining government data. If any of these organizations fails to protect that sensitive information, they may be the subject of a whistleblower action.

A government contractor could be any organization that enters into business with the government. This includes many large companies, such as: Amazon, Lockheed Martin, Verizon, General Dynamics Information Technology, Pfizer, IBM, Raytheon.

If you are unsure if a company has a contract with the government, our experienced whistleblower attorneys are available for a free consultation.

Cybersecurity Fraud Settlements and Whistleblower Rewards

Whistleblowers have received millions of dollars for exposing cybersecurity vulnerabilities and other government fraud.

  • In May 2017, a software technician received approximately $30 million from a $155 million settlement after exposing data portability weaknesses in the software system of eClinicalWorks, one of the largest vendors of electronic health records software.
  • In July 2019, an employee of a Cisco partner became a whistleblower against Cisco Systems when he discovered vulnerabilities in a video surveillance software that was sold to the US government. He received $1.6 million from a settlement of $8.6 million.
  • In April 2022, a senior director of cybersecurity received part of a $9 million settlement after filing a whistleblower lawsuit against Aerojet Rocketdyne Holdings for misleading the government about their compliance with cybersecurity regulations.
  • In March 2019, Duke University settled a lawsuit for $112.5 million after a whistleblower exposed the falsification of data for federal grants. That individual received over $33 million from the settlement.
  • In February 2022, a whistleblower was awarded $10.9 million from a $48.5 million settlement resolving claims against TriMark USA for mishandling government contracts.

Our Whistleblower and Data Privacy Experience

Our whistleblower and data privacy attorneys are uniquely qualified to understand and assess your concerns about a potential cybersecurity vulnerability. We have specialized knowledge about cybersecurity controls, industry standard IT practices, hacking techniques, and information security frameworks. We have also been involved in some of the largest data security lawsuits in the country.

If you know of a cybersecurity vulnerability, we can help you assess your potential claims. We are based in Oakland, California, but have a national practice and take cases anywhere in the United States.

Our Cybersecurity Whistleblower Attorneys

David Berger

David represents consumers in data breach, privacy, and financial services litigation. He has prosecuted some of the largest privacy cases nationwide.

View full profile

Eric Gibbs

A founding partner at the firm, Eric has negotiated groundbreaking settlements that favorably shaped laws and resulted in business practice reforms.

View full profile

Amy Zeman

Amy has built a reputation in the plaintiffs’ bar for delivering results to consumers and sexual assault survivors in class actions and mass torts.

View full profile

Aaron Blumenthal

Aaron represents consumers, employees, and whistleblowers in class actions and other complex litigation.

View full profile

About Us

Gibbs Law Group is a California-based law firm committed to protecting the rights of clients nationwide who have been harmed by corporate misconduct. We represent individuals, whistleblowers, employees, and small businesses across the U.S. against the world’s largest corporations. Our award-winning lawyers have achieved landmark recoveries and over a billion dollars for our clients in high-stakes class action and individual cases involving consumer protection, data breach, digital privacy, and federal and California employment lawsuits. Our attorneys have received numerous honors for their work, including “Top Plaintiff Lawyers in California,” “Top Class Action Attorneys Under 40,” “Consumer Protection MVP,” “Best Lawyers in America,” and “Top Cybersecurity/ Privacy Attorneys Under 40.”

california lawyer attorney of the year CLAY award
titan of plaintiffs bar award
best law firm ranking
chambers USA leading firms award
daily journal top plaintiff lawyers award

Consult a Cybersecurity Whistleblower Attorney

At no cost, consult a lawyer to find out if you have a strong whistleblower lawsuit.