When you hire a firm to take care of your cybersecurity, you’re hiring a team of experts whom you assume you can trust. But one such firm allegedly used the trust of its clients to straight-up extort them with made-up “data breaches.”
CNN Money gives us a rundown on Tiversa, a still-operating cybersecurity company that offers up digital security services to other companies. According to a whistleblower who worked there and is now testifying in federal court, Tiversa was running a very simple and clever scam.
We learn of the plight of LabMD, a medical testing company based in Atlanta. According to the former Tiversa employee, his company gained access to the lab’s medical files (remember, they were supposed to be helping LabMD secure those files) and then told LabMD there had been a data breach, using the files as proof. Tiversa then straight-up extorted LabMD when the lab wouldn’t pay for its “incident response” services. When LabMD said no thanks, Tiversa told the company it would tell the Federal Trade Commission about the “hack.”
Then, it did—and things got even worse from there. The FTC, thinking the hack was real, went after LabMD, which ended up in a long legal battle. Ultimately the lab had to shut down, reports CNN, which got ahold of the court transcript to report all of these details.
So, let’s review: According to the witness, Tiversa made up a fake hack. When the “hacked” company refused to pay, Tiversa reported them to the FTC. The FTC then forced the lab to shut down.
Tiversa, for its part, is denying this ever occurred.
Things could get much worse for the company, as the House Oversight Committee is now involved. In a letter to the FCC, the committee reportedly claims Tiversa had tattled to the FTC about data breaches for “nearly 100 companies.” How many of those hacks were fake? It sounds as though we’re going to find out. CNN’s report has another astonishing tidbit: The allegation that Tiversa may have made up a report that claimed Iran had gotten a hold of the blueprints for President Obama’s helicopter.
It’s a remarkable story, and you should check out CNN Money’s full report on the lawsuit. If nothing else, it’s a reminder that any service provider whose expertise you pay for is motivated by profit margins, too. And when it comes to the rarified world of digital security, it’s pretty difficult to check that expertise.