October 28, 2021

Volume XI, Number 301

Advertisement
Advertisement

October 28, 2021

Subscribe to Latest Legal News and Analysis

October 27, 2021

Subscribe to Latest Legal News and Analysis

October 26, 2021

Subscribe to Latest Legal News and Analysis

Cybersecurity Whistleblowers Protect the House

The Securities and Exchange Commission recently announced several sanctions against financial services firms whose cybersecurity breaches resulted in personal information exposure for thousands of employees and clients of those eight firms. Due to deficiencies in the cybersecurity policies at these firms, unauthorized third parties were able to gain access to firm email accounts and expose Personally Identifying Information (PII). Besides failing to follow security procedures to protect email accounts in the first place, a group of firms failed to timely notify affected parties. Another group of investment advisory firms promptly notified affected customers but did not implement cybersecurity countermeasures until almost two years after the incident. The third advisory firm had a mere 15 email accounts breached which affected almost 5,000 customers, and they also failed to timely implement procedures to prevent further incidents. The SEC levied total penalties of $750,000 against the firms, with commentary that planning to implement security measures is not a substitute for actually implementing security measures in order to protect consumers’ information.

Cybersecurity-related fraud is another area where we should expect to see enhanced False Claims Act activity. With the growing threat of cyberattacks, federal agencies are increasingly focused on the importance of robust cybersecurity protections. Where such protections are a material requirement of payment or participation under a government program or contract, the knowing failure to include such protections could give rise to False Claims Act liability. Whistleblowers who successfully report such cybersecurity fraud can expect to receive at least 15% of the government’s recovery.

Appreciating that “cyber threats pose a significant and increasing risk to our national security, our economic security, and our personal security,” the Department is Justice is focused on “developing the next generation of prosecutors with the training and experience necessary to combat the next generation of cyber threats.”

Before cybersecurity incidents grow to the point of requiring legal intervention, whistleblowers can help protect the government and consumers by reporting deficiencies in cybersecurity procedures. The SEC Whistleblower Reward Program “strongly encourage[s] the public (including whistleblowers) to submit any tips, complaints, and referrals (TCRs).”

© 2021 by Tycko & Zavareei LLPNational Law Review, Volume XI, Number 245
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Jonathan K. Tycko leads the Whistleblower Practice Group of Tycko & Zavareei LLP

In recent years, the laws of the United States have undergone a whistleblower revolution. Federal and state governments now offer substantial monetary awards to individuals who come forward with information about fraud on government programs, tax fraud, securities fraud, and fraud involving the banking industry. Whistleblowers also now have important legal protections, designed to prevent retaliation and blacklisting.

The law firm of Tycko & Zavareei LLP works on the cutting edge of this whistleblower revolution, taking on even the most complex and confidential whistleblower...

202-973-0900
Advertisement
Advertisement
Advertisement