Whistleblower accuses cybersecurity company of extorting clients

May 11, 2015

In a federal court this week, Richard Wallace, a former investigator at cybersecurity company Tiversa, said the company routinely engaged in fraud -- and mafia-style shakedowns.

To scare potential clients, Tiversa would typically make up fake data breaches, Wallace said. Then it pressured firms to pay up.

"Hire us or face the music," Wallace said on Tuesday at a federal courtroom in Washington, D.C.. CNNMoney obtained a transcript of the hearing.

The results were disastrous for at least one company that stood up to Tiversa and refused to pay.

In 2010, Tiversa scammed LabMD, a cancer testing center in Atlanta, Wallace testified. Wallace said he tapped into LabMD's computers and pulled the medical records.

The cybersecurity firm then alerted LabMD it had been hacked. Tiversa offered it emergency "incident response" cybersecurity services. After the lab refused the offer, Tiversa threatened to tip off federal regulators about the "data breach."

When LabMD still refused, Tiversa let the Federal Trade Commission know about the "hack."

The FTC went after the lab, giving the company a choice: sign a consent decree (basically a plea deal which means years of audits and a nasty public statement) or fight in court. The CEO of LabMD, Michael Daugherty, chose to fight, because a plea deal would have tarnished his reputation and killed the business anyway, he said.'

Read full article