Takeaways: Uncertainties over threats of cyberattacks resulted in both the House and Senate passing CIRCIA, which created an opportunity for whistleblowers to come forward under the False Claims Act with information about agencies and contractors failing to report cybersecurity breaches in a timely manner. Following CIRCIA, Congress voted to pass the Better Cybercrime Metrics Act to help analyze the effectiveness of cybercrime reporting.
President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) on March 15, 2022.[1] This Bipartisan Act, which passed both the House and Senate after fears of retaliatory cyberattacks from Russia, requires owners and operators of critical infrastructure to report specific incidents to the Cybersecurity Infrastructure Agency (CISA) of the U.S. Department of Homeland Security. These two obligations require:
These reporting requirements are not in effect immediately, and companies have some time to put the proper reporting systems in place. Once in effect, this Act creates an opportunity for potential whistleblowers who have knowledge of a failure to report cybersecurity breaches to CISA in a timely manner. Whistleblowers can take advantage of a failure to report under the False Claims Act through a Qui Tam lawsuit.
Following the passage of CIRCIA, on March 30,...
Quince is looking to sidestep a proposed class action lawsuit accusing it of “defraud[ing] customers as to the value of thousands of … products sold on its website.” In a newly filed motion to dis...