Frequently Asked Questions (FAQs) About Cybersecurity Whistleblowers
Who can be a cybersecurity whistleblower?
Cybersecurity whistleblowers are usually current or former employees of the wrongdoer, a government worker or third party with “original source” information regarding lax cybersecurity or failure to report a breach involving banking, public companies, mortgage companies, brokerage firms, commodities brokers, government contractors or contractors working with the Department of Defense. To collect a reward, there must be a loss or potential loss to the government.
How do I know if I have “original source” information?
To claim a reward, you must be the “original source” of the information. In other words, it must be inside information. Original source information is information derived from the independent knowledge or analysis by the whistleblower. The means information is not already in the hands of the regulatory agency. It also means the information did not come from allegations made in a judicial or administrative hearing, government report, audit, investigation or news media.
If you were the one who originally reported the misconduct to a government agency or in a court proceeding, you may still qualify as the original source.
How much evidence of non-compliance do I need to become a cybersecurity whistleblower?
Even the mere suspicion of an unreported breach or negligent cybersecurity practices offers enough cause to contact a cybersecurity whistleblower lawyer, who can then confidentially evaluate your information and eligibility for a whistleblower award. Most whistleblower programs do not require proof of intent to violate cybersecurity regulations. Evidence suggesting the wrongdoer acted knowingly, with deliberate ignorance OR reckless disregard is often enough to file a whistleblower claim.
Can I report my information anonymously?
Initial consultations with a cybersecurity whistleblower lawyer are always kept confidential. Unless you are making a report to the SEC whistleblower program, your name will likely need to be given to the government. Even then, the whistleblower’s identity is normally kept confidential during the investigation.
Will my identity be kept confidential?
Under the SEC Whistleblower Program, the whistleblower is rarely, if ever, identified to the public. Under the False Claims Act, the whistleblower’s identification is often revealed late in investigation or when legal proceedings are initiated.
There are steps your lawyer can take to protect your identity from public disclosure.
How do I apply for a cybersecurity whistleblower award?
Call a cybersecurity whistleblower lawyer immediately – before you report your suspicions to your co-workers, supervisor or other internal source – before you contact the government or a hotline – before you being collecting documents or other evidence. To be eligible for a whistleblower award, first and foremost, you must protect your information as “original source.” Do not share it with anyone but your lawyer.
Second, you must be the “first to file.” If anyone reports your specific information, you lose your eligibility for the cash award. Your lawyer will lead you through the appropriate reporting procedures while safeguarding your information, protecting you from illegal retaliation, and helping to maximize your cash award amount.
How does the court determine my whistleblower award amount?
Because of the millions to billions of dollars in damage that cybersecurity violations can cause, cybersecurity whistleblower awards often fall in the millions of dollars range. Determinations of the exact amount awarded to a whistleblower depend on the monetary range offered by each applicable statute. Within that range, the court determines the exact whistleblower award amount based upon (1) ability to follow reporting requirements and required deadlines, (2) value of information supplied by whistleblower, (3) amount of damage resulting from misconduct, (4) whether or not government chooses to intervene, (5) extent to which whistleblower aids investigation, and (6) extent to which whistleblower participated in misconduct (among other criteria).
When will my employer learn that I have reported a violation?
In order to facilitate the gathering of evidence, companies under investigation are not often made aware of a whistleblower’s identity until investigation or legal proceedings require. Consultations with a cybersecurity whistleblower lawyer are always kept confidential.
What rights do I have if my employer retaliates against me for reporting a violation?
Numerous federal and state anti-retaliation protections are available for employees or other individuals who have reported misconduct (internally or externally) or assisted with an investigation regarding misconduct. These protections allow employees or others who have been fired, demoted, harassed, threatened, denied promotion, blacklisted or otherwise discriminated against because they attempted to stop a violation to sue that employer for damages, often including double back pay for lost wages and/or benefits, job reinstatement, and attorneys’ fees and costs.
What does a cybersecurity whistleblower lawyer do?
The cybersecurity whistleblower lawyer is the single most important tool a whistleblower uses to obtain their cash whistleblower award. From the moment a whistleblower becomes suspicious of his or her employer’s activities, to the point the whistleblower cashes the award check – and beyond – the cybersecurity whistleblower lawyer is helping direct his every move. Why? These experienced professionals understand and help their clients with:
- The complexities of cybersecurity whistleblower laws
- The detailed procedures and statutes of limitations involved in reporting misconduct
- Special challenges regarding military or intelligence contracting that involve highly confidential documents.
- How to protect the rights of the whistleblower
- What documents or evidence are helpful for your case
- Whether you can legally take those documents from the workplace
- The best means for approaching a whistleblower claim based on the information supplied by the whistleblower
- How to protect the whistleblower’s identity and career
- How to maximize the cash award amount
- How to pursue an anti-retaliation claim if necessary
What happens once I contact a cybersecurity whistleblower lawyer?
Your first consultation with a cybersecurity whistleblower lawyer often involves a confidential discussion around your suspicions or evidence of misconduct, and whether or not your information makes you eligible for a cash whistleblower award. Based on your specific information, your lawyer will discuss how best to proceed in a way that will protect your rights as whistleblower – i.e. how to collect further evidence, how to keep notes on employer activities, how to craft language should you want to give your employer a chance to fix the problem before filing a claim.
Should you choose to file a claim, your lawyer will then assist you in preparing your case, meeting required deadlines, maximizing your award and safeguarding your rights.
Are there time limits on filing a whistleblower lawsuit?
Yes! First-to file requirements apply in many cases. Statutes of limitations in cybersecurity whistleblower lawsuits are complex and highly dependent on each specific case. Some misconduct must be reported within a few years to be eligible.
What if I am not a U.S. citizen, can I still claim a cybersecurity whistleblower reward?
Yes! There is no requirement of citizenship or resident alien status. Many whistleblowers outside the United States have received awards.
More Questions On Cybersecurity Whistleblowers?
To learn more, please visit our cybersecurity whistleblower page. Ready to see if you have a case? Contact the cybersecurity whistleblower lawyers at MahanyLaw online, by email at or by phone at +1.202.800.9791. All inquiries are protected by the attorney – client privilege and kept strictly confidential. Cases accepted worldwide.