
Cybersecurity Firm May Have Hacked Its Own Clients To Extort Them


When you hire a firm to take care of your cybersecurity, you’re hiring a team of experts whom you assume you can trust. But one such firm allegedly used the trust of its clients to straight-up extort them with made-up “data breaches.”


CNN Money gives us a rundown on Tiversa, a still-operating cybersecurity company that offers up digital security services to other companies. According to a whistleblower who worked there and is now testifying in federal court, Tiversa was running a very simple and clever scam.

We learn of the plight of LabMD, a medical testing company based in Atlanta. According to the former Tiversa employee, his company gained access to the lab’s medical files (remember, they were supposed to be helping LabMD secure those files) and then told LabMD there had been a data breach, using the files as proof. Tiversa then straight-up extorted LabMD when the lab wouldn’t pay for its “incident response” services. When LabMD said no thanks, Tiversa told the company it would tell the Federal Trade Commission about the “hack.”


Then, it did—and things got even worse from there. The FTC, thinking the hack was real, went after LabMD, which ended up in a long legal battle. Ultimately the lab had to shut down, reports CNN, which got ahold of the court transcript to report all of these details.

So, let’s review: According to the witness, Tiversa made up a fake hack. When the “hacked” company refused to pay, Tiversa reported them to the FTC. The FTC then forced the lab to shut down.

Tiversa, for its part, is denying this ever occurred.

Things could get much worse for the company, as the House Oversight Committee is now involved. In a letter to the FCC, the committee reportedly claims Tiversa had tattled to the FTC about data breaches for “nearly 100 companies.” How many of those hacks were fake? It sounds as though we’re going to find out. CNN’s report has another astonishing tidbit: The allegation that Tiversa may have made up a report that claimed Iran had gotten a hold of the blueprints for President Obama’s helicopter.


It’s a remarkable story, and you should check out CNN Money’s full report on the lawsuit. If nothing else, it’s a reminder that any service provider whose expertise you pay for is motivated by profit margins, too. And when it comes to the rarified world of digital security, it’s pretty difficult to check that expertise.

Image: Tammy54




Fleet Admiral Josh

So the one thing I don’t get - and it is probably just the fact that I don’t fully grasp what is going on - if they’re paying this company to secure these files, is the “incident response” services another service they offer which they’re trying to get them to pay for, or is this like a guy running up to your car at an intersection and cleaning your windshield and then trying to guilt you into paying him for work you didn’t ask him to do?

Also, this doesn’t say anything about how many companies may have given in and paid for this service to avoid getting reported.