Cybersecurity Whistleblower Program
Lawyers for Whistleblowers Reporting Cybersecurity Vulnerabilities, Fraud and Other Cybersecurity Failures

Breaches of cybersecurity protocols and other cybersecurity incidents can leave companies’ data exposed. Cybersecurity breaches can also expose consumer data held by financial institutions and other businesses; and, in cases involving cybersecurity incidents under federal contracts for defense research and other critical services or infrastructure, attacks can present threats to national security.
Cybersecurity incidents involving federal contractors and cyber fraud under government contracts can lead to taxpayer losses as well. When federal contractors adhere to the federal government’s cybersecurity standards and implement adequate security programs, they can play essential roles in the efficient operation of the government and the development of new technologies. However, when federal contractors do not adhere to the federal government’s cybersecurity standards and introduce cybersecurity risks into federal systems and architecture, this can have significant adverse consequences for taxpayers—and potentially for the federal government and the U.S. population at large.
Legal Representation for Employees of Publicly Traded Companies, Federal Contractors, and Government Agencies Reporting Violations of Cybersecurity Obligations
At Oberheiden P.C., we represent employees of publicly traded companies, federal government contractors, and federal government agencies reporting violations of cybersecurity obligations to the federal government. Several federal agencies accept whistleblower complaints related to data breaches and other cybersecurity failures. Certain federal agencies, including the U.S. Department of Justice (DOJ), also accept whistleblower complaints involving cyber fraud committed by federal contractors.
If you are thinking about (or have questions about) serving as a cybersecurity whistleblower, our lawyers can explain everything you need to know. We can walk you through the cybersecurity laws and other federal and state laws that apply in cases involving material cybersecurity incidents, as well as the federal laws that provide protections (and compensation) to cybersecurity whistleblowers.
If you decide that you want to blow the whistle, we can also work with the U.S. Department of Justice or other appropriate federal authorities on your behalf. We can help ensure you receive the legal protections that are available; and, if you become eligible for a whistleblower reward, we can work with the government to secure the funds you are entitled to receive. We handle cases involving all types of cybersecurity-related legal and regulatory compliance violations; and, with a team that includes former federal prosecutors and federal agents, we are extremely well-versed in the federal whistleblowing process.
Protections for Cybersecurity Whistleblowers
Several federal laws provide protections for cybersecurity whistleblowers who report data breaches and other cybersecurity vulnerabilities and failures through the appropriate channels. The legal protections afforded under these laws include both confidentiality and protection against retaliatory adverse employment actions, including wrongful discharge.
With that said, resource personnel and other individuals who are interested in serving as cybersecurity whistleblowers must take proactive measures to secure the protections that are available. If you have information about a cyber incident or a company’s failure to comply with federal securities laws or the terms of a federal contract, you must comply with the terms of the relevant federal whistleblower program to ensure your confidentiality and protection against whistleblower retaliation. Our lawyers can help.
We assist cybersecurity whistleblowers with coming forward under the following federal laws:
Dodd-Frank Act
The Dodd-Frank Act is one of two primary federal securities laws (the Sarbanes-Oxley Act being the other) that provide protections for cybersecurity whistleblowers. If you need to report a cybersecurity breach or a failure to adequately address cyber threats involving a publicly traded company, the Dodd-Frank Act may protect you.
Energy Reorganization Act
The Energy Reorganization Act protects cybersecurity whistleblowers in the nuclear industry. If you need to report a failure that introduced cybersecurity vulnerabilities into a nuclear facility or another cybersecurity-related issue that presents a risk to public safety or public health, our lawyers can help you come forward under the Energy Reorganization Act.
False Claims Act
The False Claims Act protects employees of federal contractors who report cybersecurity incidents and cyber fraud. Federal contracts generally require companies to implement protective measures that meet the cybersecurity standards established by the National Institute of Standards and Technology (NIST), and failure to comply with applicable cybersecurity rules can warrant a whistleblower complaint under the False Claims Act.
Financial Institutions Reform, Recovery, and Enforcement Act (FIRREA)
The Financial Institutions Reform, Recovery, and Enforcement Act (FIRREA) provides protections to personnel of financial institutions who report legal violations, including financial institutions’ failure to adequately mitigate cybersecurity risks or implement adequate security breach protocols. Institutions that offer financial products to clients or investors must ensure that they adequately incorporate product cybersecurity as well.
National Defense Authorization Act
The National Defense Authorization Act of 2013 provides additional protections to employees who report cybersecurity vulnerabilities and other related issues involving federal defense contracts. This includes vulnerabilities that involve sensitive government information, that present risks to national security, or that present any other substantial and specific danger to public health or safety. In cases involving fraud under federal contracts, cybersecurity whistleblowers may have the option of coming forward under the False Claims Act as well.
Sarbanes-Oxley Act (SOX)
The Sarbanes-Oxley Act (SOX) protects cybersecurity whistleblowers who report cybersecurity breaches to the U.S. Securities and Exchange Commission (SEC). In many cases, the SEC will work alongside the U.S. Department of Justice, the U.S. Federal Trade Commission (FTC), and their federal and state law enforcement partners to conduct investigations and hold companies duly accountable.
Whistleblower Protection Act
The Whistleblower Protection Act protects federal government employees who report fraud, waste, and abuse within federal agencies. This includes fraud, waste, and abuse related to cybersecurity vulnerabilities. If you have information about fraud, waste, or abuse related to the government’s cybersecurity obligations, we can help you seek to ensure that the government upholds its duties to the public.
Rewards for Cybersecurity Whistleblowing Under the False Claims Act
Along with protecting cybersecurity whistleblowers against wrongful discharge and other retaliatory adverse employment actions, the False Claims Act also provides financial incentives for coming forward.
Under the False Claims Act, whistleblowers who help the government recover financial losses resulting from fraud, waste, or abuse are entitled to financial rewards ranging from 10% to 30% of the amount recovered. This is true whether an Assistant Attorney General at the DOJ secures a verdict in federal court or a company enters into a settlement with the government to resolve allegations of fraud.
If you are interested in more information about the financial rewards available to cybersecurity whistleblowers under the False Claims Act, here’s what you need to know.
FAQs: Blowing the Whistle on Cybersecurity Vulnerabilities with the Federal Government
What Should I Do if I Am Aware of Cyber Threats or Cyber Fraud Committed By My Company?
If you are aware of cyber threats or cyber fraud committed by your company, we strongly recommend speaking with a cybersecurity whistleblower attorney. In this situation, it is important that you strongly consider coming forward, and an experienced attorney will be able to assist you with securing any protections that are available to you.
What Are the Rules for Cyber Whistleblowing?
If you are interested in reporting a cybersecurity violation or cybersecurity-related fraud to the federal government, the specific rules you need to follow depend on the specific federal agency or department you need to contact. While there are several federal whistleblower programs, each of these programs has its own unique set of filing rules and requirements.
Can Cyber Security Officers and Employees Serve as Whistleblowers?
Generally, cyber security officers and employees can serve as whistleblowers. If you are aware of a material cybersecurity vulnerability, breach, or other issue within your corporate organization, we encourage you to contact us promptly for more information.
What Are the Consequences if I Incorrectly Report My Employer for What I Believed Constituted Fraud?
If you qualify as a cybersecurity whistleblower, you are entitled to protection under federal law regardless of whether your concerns can be verified. As a result, if you incorrectly report your employer for what you believe constituted fraud in relation to a federal cybersecurity contract, you will still be protected against unlawful retaliation.
Can I Report a Cybersecurity Vulnerability or Security Breach to the U.S. Government if I Work for an International Organization?
Yes, if you are aware of a cybersecurity vulnerability or security breach that presents a substantial and specific danger to public health or safety in the United States, or if you are aware of cybersecurity-related fraud perpetrated against the U.S. government, you can file a whistleblower report even if you work for an international organization. Our lawyers are available to represent cybersecurity whistleblowers worldwide.