A bombshell lawsuit is raising eyebrows in the cybersecurity industry.

A former cybersecurity forensic examiner named Richard Wallace is claiming that his former employer — cybersecurity company Tiversa — "would typically make up fake data breaches to scare potential clients," CNNMoney reports.

Wallace claims that Tiversa would routinely do this then "pressure firms to pay up" by buying its cybersecurity services, according to a federal courtroom transcript obtained by CNNMoney. This came to a head when Tiversa allegedly approached cancer testing services company LabMD about a supposed hack. LabMD refused to buy into Tiversa’s services, so Tiversa allegedly reported the cancer-testing company to the FTC for having a data breach.

According to Tiversa, things went differently.

"LabMD requested the Statement of Work (SOW) from Tiversa and never actually refused services," Tiversa told Business Insider in an email. "The communication with LabMD stopped in mid 2008. The FTC came to Tiversa in August 2009. LabMD's name was never mentioned in any of the conversations...We returned the file to LabMD in this same fashion, no charge, no expectation of any payment. LabMD then asked Tiversa to perform additional services and requested, via email, that Tiversa send them an SOW. LabMD never moved forward with the services. This was no concern to Tiversa."

This lawsuit raises some potentially worrisome issues about practices in the cybersecurity industry.

Dave Aitel, CEO of the cybersecurity company Immunity Inc., thinks this to be an exceptional case. "It’s the general rule in the industry that you don’t approach people like that," Aitel told Business Insider. "You don’t go up to a company and say 'hey you’ve been penetrated,'" he added.

Companies that do are generally considered "scam-ier" by the rest in the business, Aitel said, adding "[cybersecurity] is a really small industry."

Perhaps more important, at least to smaller security firms, is the FTC's confrontation with LabMD. In cases where a breach is alleged, it’s hard to know the real culprit.

"It could be a third party… There’s a hundred different things it could have been," Aitel said. "Even when it looks like your fault it might not be your fault."

Tiversa, which has allegedly helped with breach investigations of "nearly 100 companies," told CNNMoney that Wallace’s claims are "baseless." Tiversa told Business Insider that the former employee's claims are "complete fabrications."

"Wallace did make serious allegations regarding Tiversa," the company's CEO, Robert Boback, told Business Insider in an email. "And we intend to fully address those allegations in the litigation that we filed last year against Wallace, Daugherty, and Cause of Action alleging defamation and collusion."