Flickr
A former cybersecurity investigator named Richard Wallace is claiming that his former employer - cybersecurity company Tiversa - extorted clients by faking hacks and threatening to inform federal regulators, CNNMoney reports.
Wallace claims that Tiversa would routinely fake data breaches and then "pressure firms to pay up" by buying its cybersecurity services, according to a federal courtroom transcript reported by CNN. This came to a head when Tiversa allegedly approached cancer testing services company LabMD about a supposed hack. LabMD refused to buy into Tiversa's services, so Tiversa allegedly reported the cancer-testing company to the FTC for having a data breach.
This led to a years-long fight between the federal agency and LabMD that ultimately resulted in LabMD shutting down in 2014. Wallace was called as a witness in an ongoing legal case between LabMD and the FTC in a Washington DC federal court. If Wallace's claims are substantiated in court, it could mean that the FTC relied on false data from Tiversa.
This lawsuit raises some potentially worrisome issues about practices in the cybersecurity industry.
Dave Aitel, CEO of the cybersecurity company Immunity Inc., thinks this to be an exceptional case. "It's the general rule in the industry that you don't approach people like that," Aitel told Business Insider. "You don't go up to a company and say 'hey you've been penetrated,'" he added.
Companies that do are generally considered "scam-ier" by the rest in the business, Aitel said, adding "[cybersecurity] is a really small industry."
Perhaps more important, at least to smaller security firms, is the FTC's confrontation with LabMD. In cases where a breach is alleged, it's hard to know the real culprit.
"It could be a third party… There's a hundred different things it could have been," Aitel said. "Even when it looks like your fault it might not be your fault."
Tiversa, which has allegedly helped with breach investigations of "nearly 100 companies," told CNNMoney that Wallace's claims are "baseless." We've reached out to Tiversa for comment and will update if they respond.