The federal government recently encouraged the equivalent of a bug bounty program, looking for individuals who are aware of cybersecurity vulnerabilities in companies that hold government data.
If you are aware of weak cybersecurity practices by a company that maintains government data, you may be able to file a claim under the False Claims Act (FCA). Cybersecurity whistleblowers who have exposed data security gaps and cybersecurity fraud have been rewarded with millions of dollars.
Who Can File a Cybersecurity Whistleblower Claim?
Anyone. Most often, cybersecurity whistleblowers are information technology professionals, data privacy specialists, hackers, or even regular employees. However, this list is not exhaustive. You don’t need to be a company insider in order to file a claim seeking a monetary award.
If you think a company has insufficient data security, contact one of our lawyers.
Who Can Be Liable for These Claims?
Each year, thousands of companies contract with the government and are responsible for maintaining government data. If any of these organizations fails to protect that sensitive information, they may be the subject of a whistleblower action.
A government contractor could be any organization that enters into business with the government. This includes many large companies, such as: Amazon, Lockheed Martin, Verizon, General Dynamics Information Technology, Pfizer, IBM, Raytheon.
If you are unsure if a company has a contract with the government, our experienced whistleblower attorneys are available for a free consultation.
Cybersecurity Fraud Settlements and Whistleblower Rewards
Whistleblowers have received millions of dollars for exposing cybersecurity vulnerabilities and other government fraud.
- In May 2017, a software technician received approximately $30 million from a $155 million settlement after exposing data portability weaknesses in the software system of eClinicalWorks, one of the largest vendors of electronic health records software.
- In July 2019, an employee of a Cisco partner became a whistleblower against Cisco Systems when he discovered vulnerabilities in a video surveillance software that was sold to the US government. He received $1.6 million from a settlement of $8.6 million.
- In April 2022, a senior director of cybersecurity received part of a $9 million settlement after filing a whistleblower lawsuit against Aerojet Rocketdyne Holdings for misleading the government about their compliance with cybersecurity regulations.
- In March 2019, Duke University settled a lawsuit for $112.5 million after a whistleblower exposed the falsification of data for federal grants. That individual received over $33 million from the settlement.
- In February 2022, a whistleblower was awarded $10.9 million from a $48.5 million settlement resolving claims against TriMark USA for mishandling government contracts.
Our Whistleblower and Data Privacy Experience
Our whistleblower and data privacy attorneys are uniquely qualified to understand and assess your concerns about a potential cybersecurity vulnerability. We have specialized knowledge about cybersecurity controls, industry standard IT practices, hacking techniques, and information security frameworks. We have also been involved in some of the largest data security lawsuits in the country.
If you know of a cybersecurity vulnerability, we can help you assess your potential claims. We are based in Oakland, California, but have a national practice and take cases anywhere in the United States.