New York-based cyber risk ratings vendor SecurityScorecard has filed a lawsuit against its cyber risk management rival Safe Security for alleged involvement in unfair competition and misappropriating trade secrets. SecurityScorecard has accused its former employee, Mary Polyakova of being a key perpetrator of the embezzlement.
According to the lawsuit, Polyakova retrieved SecurityScorecard’s confidential information like list of customers and prospects, before quitting the company last month and later joining Safe Security in Silicon Valley as its sales vice president. The breach of confidential information was apparently valued at $40 million at SecurityScorecard which includes details of 9,300 customers and prospects.
In a 30-page complaint filed on Tuesday in the Southern District of New York, SecurityScorecard said, “While brazenly touting a ‘revolutionary’ approach to cybersecurity risk management, defendant Safe’s only true ‘revolution’ is its unconstrained reliance upon unlawful skullduggery and unfair competition to build its business.”
Meanwhile, SafeSecurity CEO Saket Modi, refuting the allegations, said that his company’s competitors like SecurityScorecard were laying off many of its employees because of its poor business and this is resorting to legal retribution.
SecurityScorecard shares embezzlement details
According to SecurityScorecard, Polyakova allegedly misappropriated an exhaustive list of the company’s customers and prospects, which included the Master East List and CISO Prospect Lists and later shared the information on her personal email. It claimed that if this customer information was misused by Safe Security, it could damage the business prospects of SecurityScorecard.
The company feared that Safe Security could unlawfully poach its customers, which could harm the business interests of SecurityScorecard. Before joining SafeSecurity, Polyakova had spent four years in SecurityScorecard’s sales organization.
“SSC’s customer and prospect list is the direct result of years of marketing and sales efforts and cannot be replicated through publicly available sources,” the company said. “SSC therefore undertakes considerable efforts to maintain the secrecy of its confidential information, including the Master East List and the CISO Prospect Lists.”
The company alleged that apart from stealing the data and poaching customers, Safe Security used fake accounts to illegally access SecurityScorecard’s customer platform and tried to enhance its own cybersecurity offerings. SecurityScorecard alleged that Safe Security misused this access to quality-check its products and make misleading comparisons on the company’s website,
“Safe has used a shell company or an entirely fake domain to impermissibly access the SSC [SecurityScorecard] platform to perform competitive intelligence gathering,” the company said. “This appears to have included trying: (i) to see the SSC products and services purchased by SSC customers; and (ii) validating SAFE’s own offerings to customers.”
SecurityScorecard Wants End to Unlawful Practices
According to SecurityScorecard, Safe Security, through its actions, would be violating the former’s end-user SaaS agreement, including registration of IP addresses under fake domains.
Safe Security had allegedly launched a webpage to compare its services with SecurityScorecard, the lawsuit alleged.
“On April 9, 2024, Safe’s Co-Founder and Chief Executive Officer, Saket Modi, bragged to SSC’s President, Sachin Bansal, that Safe was interviewing former SSC employees with no real intention of hiring them for open positions,” the company said.
“As proof of these illicit fact-finding endeavors, Mr. Modi touted to Mr. Bansal confidential statistics on SSC’s hiring and restructuring practices,” it added.
SecurityScorecard claimed that Safe Security had conducted fake job interviews with its employees to elicit confidential business information. The company sought monetary damages as well as stay order to stop Safe Security and Polyakova from using or disclosing the alleged stolen information.
“Even when caught in this web of deceptive wrongdoing, Safe has simply adopted a ‘deny, deny, deny’ posture, effectively doubling down on their unlawful conduct,” SecurityScorecard said, and added, “That’s precisely what necessitates the injunctive relief now sought here, to put an immediate end to these unlawful practices and protect SSC’s trade secrets and confidential and proprietary information.”
SecurityScorecard said it had pumped in over $200 million to develop its customer and prospect base and had measures in place to protect its proprietary information.