In 2010, the Federal Trade Commission approached an Atlanta-based medical testing company, LabMD, with accusations that it had wrongfully left its customer data insecure and vulnerable to hackers. LabMD’s owner denied that the company was at fault and a giant legal battle ensued. To quote my post last year at Overlawyered:
…according to owner Michael Daugherty, allegations of data insecurity at LabMD emanated from a private firm that held a Homeland Security contract to roam the web sniffing out data privacy gaps at businesses, even as it simultaneously offered those same businesses high-priced services to plug the complained-of gaps.
Last week, finally, after five years, the case reached an administrative hearing at the FTC, which heard “bombshell” testimony given under immunity by former Tiversa employee Richard Wallace:
After LabMD CEO Michael Daugherty refused to buy Tiversa’s services, Tiversa reported false information to the FTC about an alleged security incident involving LabMD’s data, Wallace claimed in his testimony.
CNN headlined its story “Whistleblower accuses cybersecurity company of extorting clients” – that is, by threatening to turn them in to the feds if they spurned its vendor services.
To be sure, allegations are merely allegations, and we haven’t heard Tiversa’s side of the story, except for a statement from its CEO Bob Boback: “This is an overblown case of a terminated employee seeking revenge. Tiversa has received multiple awards from law enforcement for our continued efforts to help support them in cyber activities.” The advisory board of the Pittsburgh-based security services company includes former four-star Army general and former Democratic presidential candidate Wesley Clark.