[Post updated September 2019] Chances are pretty good that you or someone you know has been the victim of cyberhacking. We live in a digital age and, unfortunately, our digital infrastructure is vulnerable to a wide range of cyber crime and hacking risks. Banks, big corporations and defense contractors are even bigger targets. Even cities and hospitals are now targets.
Unfortunately, many of the cyberhacking and cybersecurity breaches go unreported and companies often only pay lip service to security protocols until it’s too late. There are awards, however, that can be paid to whistleblowers who report companies that fail to follow the law.
Whistleblower awards are available to workers with inside information about cyber hacking and cyber security involving defense contractors, banks and financial institutions, and other U.S. companies.
This post has six sections:
- Defense Contractors and Cybersecurity Whistleblower Awards
- Banks and Financial Services Cyberhacking Whistleblower Awards
- Healthcare Whistleblowers (HIPAA and Patient Data Security)
- SEC Cybersecurity Whistleblower Awards
- Whistleblower Anti-retaliation Protections
- Picking the Best Cybersecurity Whistleblower Lawyer
Defense Contractors and Cybersecurity Whistleblower Awards
In 2015, the Department of Defense released significant new cyber reporting rules. Those rules come on the heels of a number of attacks on both U.S. defense contractors and government agencies. One of those attacks successfully penetrated the Office of Personnel Management resulting in the records of over 21 million federal workers being hacked.
Under the new rules, Uncle Sam needs to be notified immediately when a defense contractor is cyber hacked. These rules apply to those companies that supply missile systems, communications software, combat logistics and other supplies and any service to the defense department. Intelligence agencies have or are implementing similar rules.
Contractors are also responsible for beefing up their cyber security protocols and protections to prevent hacking.
Companies that fail to protect their data or fail to report hacking incidents can be held responsible for these lapses. Under the federal False Claims Act, whistleblowers reporting these breaches can receive up to 30% of whatever the government collects from the wrongdoer.
With so many troops and intelligence personnel deployed around the world, defense contractors need to step up their game immediately. Unfortunately, we know of many that have not. Their negligence and recklessness directly puts American lives at risk and endangers thousands of servicemen and women worldwide.
Banks and Cyberhacking Whistleblower Awards – FIRREA
We entrust banks with trillions of dollars. Without even thinking about it, we deposit our paychecks in banks every day. Criminals know this and have started cyberattacks on banks. Earlier hacks were almost always aimed at individual bank customers but as organized crime and foreign banks become more involved in cybercrime, the banks themselves are becoming the targets.
In February 2016, sophisticated hackers attempted to steal $951 million from the Bangladesh Bank. While some may think this has nothing to do with Americans, the hack attempt came through the U.S. Federal Reserve Bank in New York. Regulators stopped the heist but not before $81 million was lost.
The Bangladesh hack wasn’t an isolated incident. Public reports show that the U.S. Federal Reserve and JPMorgan Chase have also been targets. Full details are rarely released to avoid public panic and to allow law enforcement to better investigate. That doesn’t mean that bank hacking incidents are isolated. The compliance professionals that we speak with say that these attempts happen daily.
The Office of the Comptroller of the Currency (OCC) and other bank regulators have issued numerous rules requiring banks and other financial institutions to tighten up security measures and to report hacking incidents.
Under the Financial Institutions Reform, Recovery and Enforcement Act – FIRREA – whistleblowers with inside information about events and incidents that threaten the financial stability of a bank can receive cash awards. A bank that covers up a hacking incident or fails to protect customer accounts is certainly engaged in activities that threaten the bank’s stability. Because the FDIC backs most bank deposits in the U.S., the government wants to stop cybersecurity incidents before they cause losses to the banks and their customers.
Under the FIRREA, whistleblowers with inside knowledge of violations can receive up to $1.6 million in awards.
FIRREA awards have an added benefit in that whistleblowers may be able to remain completely anonymous.
Healthcare Whistleblowers – HIPAA and Patient Data Security
When we think of cyberhackers, we worry about our social security numbers and bank account information floating around the dark web. What could be worse? For some, it is their healthcare information!
Health information privacy is protected by HIPAA – the Health Insurance Portability and Accountability Act of 1996. This legislation provides data privacy and security provisions for safeguarding medical information. All healthcare providers are covered by HIPAA.
What happens, however, when a doctor’s office, hospital, substance abuse counselor or pharmacy doesn’t take proper safeguards?
Last October, hackers obtained access to a plastic surgery center’s patient files. According to a report originally published by foxnews.com, the hackers obtained photos and other sensitive information of top celebrities including patients who were having genitalia and breast enhancement procedures.
Many times hackers access records but nothing ever happens. Simply because a hacker gained access to files doesn’t mean any information was taken. Unfortunately, that was not the case here. The hackers reportedly said, “We’re going to pitch it all up for everyone to nab. The entire patient list with corresponding photos. The world has never seen a medical dump of a plastic surgeon to such degree.”
We are currently seeking healthcare industry workers or people working for data companies with inside knowledge of HIPAA violations or patient data being maintained on unsecured or unprotected platforms.
Even if you decide not to become a whistleblower, your information could be valuable to help prevent cyber attacks and patient data thefts. All inquiries are confidential. For more information, contact attorney Brian Mahany online, by email at or by phone at 202-800-9791. All inquiries are protected by the attorney-client privilege and kept completely confidential.
U.S. Corporations – Information Security Whistleblower Awards
Information security, compliance officers, IT professionals and others may be eligible for awards under the SEC’s Whistleblower Program. Companies that fail to implement proper anti-hacking and cybersecurity protocols may be liable under federal securities laws.
Cybersecurity has garnered a great deal of attention from regulators in recent years, including from the SEC. Last year the SEC fined a brokerage firm, R.T. Jones Capital Equities Management, $75,000 for lax data security measures. An investigation revealed that the firm was hacked in 2013, probably from China. The SEC cited the company for not having data encryption or firewalls. R.T. Jones had 8400 clients.
In announcing the fine, the SEC said, “Firms must adopt written policies to protect their clients’ private information and they need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs.”
Since then, the SEC has repeatedly reiterated that future violations will probably face much steeper fines and penalties. We expect that larger public companies will face millions or tens of millions in penalties.
A company that fails to disclose cyber security weaknesses or hacks could be in violation of SEC Rule 10b-5 which makes it “unlawful for any person … [t]o make any untrue statement of a material fact or to omit to state a material fact necessary in order to make the statements made, in the light of the circumstances under which they were made, not misleading…in connection with the purchase or sale of any security.”
Public companies are also required to disclose significant risk factors both in offering materials and in required public filings. The new Sarbanes-Oxley Act also has provisions requiring a company’s senior officers to disclose material weaknesses.
Like the FIRREA program above, SEC whistleblowers can usually remain anonymous.
Cybersecurity and Whistleblower Retaliation
Whistleblower retaliation is illegal under both federal and state law. Although there are no specific provisions for cyberhacking whistleblowers, if you fall within the False Claims Act (e.g. defense contractor whistleblowers) or under the SEC’s whistleblower program, you should be protected.
We are one of the few law firms that can handle both your whistleblower claim and any possible retaliation should it occur.
Picking the Right Cybersecurity Whistleblower Lawyer
Selecting the right cybersecurity whistleblower lawyer may be the single most important decision you make. Having an experienced cybersecurity whistleblower lawyer could easily mean the difference between receiving a reward or getting nothing. Having the right lawyer to guide you through the process from the start can safeguard your job, career, reputation and future.
Many lawyers dabble in whistleblower cases. That is understandable since there are only about 700 False Claims Act cases filed nationally each year. The government takes about 1 in 5 or 20 percent. The SEC takes less than 1 percent. Having the right lawyer certainly makes a difference with those odds.
Many lawyers belong to what we call the “file and forget” club. They file your case and simply hope it is one of the small percentage of the cases accepted by the government. If the government fails to intervene, they usually quickly withdraw. Why? Because they simply aren’t prepared to take on a major case alone.
Always choose an experienced cybersecurity whistleblower lawyer with years of experience, one that is willing to take your claim all the way, whether the government opts to intervene or not.
Your lawyer must be fully equipped to take on the most complex of cybersecurity cases. This means being well-versed in whistleblower law, understanding cybersecurity issues and having experience taking on huge, powerful companies like IBM or Boeing. Your lawyer should also have access to the best investigative experts in the nation.
Cybersecurity whistleblower cases in particular often span a number of jurisdictions. Our cybersecurity whistleblower lawyers work with clients nationwide and have filed cases in 40 states. The “file and forget” club files only where it is convenient; usually that means in their local courthouse, even if that isn’t the best place for the case.
The level of their experience and scope of practice can be critical in persuading the government to devote resources to your case.
Obtaining a False Claims Act whistleblower award requires filing a lawsuit in federal court. While that task sounds daunting to many lawyers, our cybersecurity whistleblower lawyer team has years of experience investigating claims, preparing complaints and working with the Justice Department. Before we even file, we often interview prosecutors to determine the best place to file the case. Just like you interview lawyers to determine their abilities, we interview potential prosecutors.
Filing a whistleblower claim for someone still working for the wrongdoer sometimes means retaliation. It is illegal but it happens. Our cybersecurity whistleblower lawyer team knows the anti-retaliation remedies available. We can answer your employment questions, mitigate risks and guide clients through every step of the process.
Whistleblowers are the backbone of the government’s war on fraud and greed. Whistleblowers who report cyberhacking or cybersecurity threats are doing the right thing. We understand that it can be tough to stand up to a big corporation or bank. All of our whistleblowers who did so, however, said it was the right thing to do and would do so again. That includes those that didn’t receive an award.
Cash awards and anti-retaliation provisions are two more reasons to step forward.
Need more information or want to discuss whether you may have a valid claim? First, visit our comprehensive cybersecurity whistleblower reward page for everything you need to know on securing a reward. Simply give us a call or contact us online. Serving whistleblowers is what we do and there is never a fee unless we recover money for you.
Additional Resources from the Due Diligence blog
- Comptroller of the Currency 2016 Whistleblower Opportunities
- New DOD Cyber Rules Present Whistleblower Opportunity
5 Vital Steps To Becoming A Successful Cybersecurity Whistleblower
Step #1: Call a Cybersecurity Whistleblower Lawyer Immediately!
This is the most important step to ensure your rights are protected and your case is built solidly from the very start. Call before you report your suspicions to your co-workers, supervisor or other internal source, before you contact the government or a hotline, and before you begin collecting documents or other evidence. Your call is completely confidential and we will be able to answer all of your questions.
Step #2: Protect Your Information
To be eligible for a whistleblower award, you must protect your information as an “original source.” Do not share it with anyone but your lawyer. Because of “first to file” requirements, if anyone reports your specific information, you lose your eligibility for the cash award. Your lawyer will lead you through the appropriate reporting procedures while safeguarding your information, protecting you from illegal retaliation, and helping to maximize your cash award amount.
Step #3: Keep A Detailed Diary
Create a safe place to log information, including specific dates, times, incidents, phone numbers, computer IDs, places and names of relevant individuals that have any relationship to your original information regarding a potential violation. Remember to keep information that may relate to a retaliation claim as well. Do not keep this diary at work or on a public computer and do not send any information via your work email account.
Step #4: Download our 11 Step Guide to Blowing the Whistle
Knowing that your employer is breaking the law is stressful. Because we understand that stress, we created an easy to understand 11 Step Guide to Blowing the Whistle. You can download the guide from our website at https://www.mahanyertl.com/11-step-guide-to-whistleblowing/. (Don’t worry, you don’t need to put in your email address or give us your phone number to download the guide.)
Step #5: Follow Proper Procedures For Gathering Evidence
We can help you determine what documents or evidence are helpful for your case and whether you can legally take these documents from the workplace. Any evidence taken in violation of the law may not be admissible and may get you into trouble. We can guide you through this process and are always available to answer any specific questions you may have as they arise.
More Questions On Blowing the Whistle and Reporting Cybersecurity Issues?
To learn more, please visit our cybersecurity whistleblower page. Ready to see if you have a case? Contact an experienced cybersecurity whistleblower lawyer at MahanyLaw online, by email at or by phone at +1.202.800.9791. All inquiries are protected by the attorney-client privilege and kept strictly confidential. Cases accepted worldwide.