After Six Years, Two Pentesters Arrested in Iowa Receive $600,000 Settlement

Two cybersecurity professionals were arrested in an Iowa courthouse while conducting a security test for the state's court system. The incident occurred on September 11, 2019, after they triggered alarms while attempting a penetration test. County deputies detained Justin Wynn and Gary De Mercurio, employees of Coalfire Labs, who explained their authorized testing activities. Despite state officials confirming the test, the sheriff arrested them on burglary charges. The charges were later reduced and then dropped, but the arrests caused significant reputational damage. The men subsequently sued Dallas County for the wrongful arrest and related damages. The county has now agreed to pay a $600,000 settlement to settle the lawsuit. The cybersecurity professionals stated their work was authorized and in the public interest. They claim the arrest undermined public safety by discouraging vulnerability testing. The county attorney, however, maintains the sheriff acted correctly and will prosecute similar future incidents. This case highlights the complexities of authorized security testing and the potential for legal repercussions.