In addition to all of the other risks, liabilities and exposures arising from cybersecurity concerns, you can now add the possibility of a whistleblower action for cybersecurity fraud. According to a July 31, 2019 press release from counsel for the whistleblower involved (here), Cisco Systems has agreed to an $8.6 million settlement in what the press release claims is the “first cybersecurity whistleblower case ever successfully litigated under the False Claims Act.” Cisco has agreed to pay the amount to settle allegations that the company knowingly sold vulnerable and defective video surveillance software to federal, state, and local government agencies, exposing the systems to unauthorized access. As discussed below, this development even further expands the range of concerns companies must take into account when assessing their cybersecurity exposures. An August 12, 2019 memo from the Jones Day law firm about the settlement and its implications can be found here.
Continue Reading Cybersecurity Whistleblower Claim under the False Claims Act Settled
D&O Insurance: Regulatory Exclusion Precludes Coverage for Relator’s Qui Tam Action
As I have noted in prior posts, “qui tam actions” under the False Claims Act often fit uncomfortably with typical D&O insurance policy terms and provisions. For example, the procedure whereby qui tam actions are filed but not immediately served raise questions of the claims made date (as discussed here), and with respect
Management Liability Insurance: If a Qui Tam Action is a Claim, When is it “First Made”?
The federal False Claims Act imposes liability on those who defraud the government. The law also allows third-parties to bring so-called qui tam actions in the form liability claims under the Act; if the qui tam actions are successful, the third-party can receive a portion of the recovery. When a third-party files a qui tam