In the latest Weekly Wright Report:
- Government Contractor Agrees to Pay $9 Million to Resolve False Claims Act Allegations of Cybersecurity Violations
Government Contractor Agrees to Pay $9 Million to Resolve False Claims Act Allegations of Cybersecurity Violations
It seems like every day we hear about another cyberattack or data breach. As a result, the government has become very serious about cyber security and protecting government information and systems. Numerous laws, rules and regulations have been promulgated over the past few years. The Weekly Wright Report has written about cyber security issues in Cyber Security For The Non-Cyber Company and Get A Grip On Your Cyber Security Because The DOD Is Beginning Compliance Reviews. We also wrote about a government contractor that was suspended by the government after a data breach. In that article we advised that it is possible that a government contractor who suffers a data breach could be exposed to a False Claims Act suit if the contractor has falsely certified compliance with applicable cyber security requirements. That has now come to pass.
On Oct. 6, 2021, the Deputy Attorney General announced the Department of Justice’s Civil Cyber-Fraud Initiative, which was intended to hold accountable entities or individuals that put U.S information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.
On July 8, 2022, the Department of Justice announced a settlement with Aerojet Rocketdyne Inc. (Aerojet) in the amount of $9 million to resolve allegations that Aerojet violated the False Claims Act (FCA). See United States ex rel. Brian Markus v. Aerojet Rocketdyne Holdings Inc., et al., Case No. 2:15-cv-02245-WBS-AC (E.D.Cal.). The alleged violation of the FCA at issue in the case was an alleged misrepresentation of Aerojet’s compliance with cybersecurity requirements in certain federal government contracts. Aerojet provides propulsion and power systems for launch vehicles, missiles and satellites and other space vehicles to the Department of Defense, NASA and other federal agencies. The FCA case was filed and litigated by former Aerojet employee under the qui tam or whistleblower provisions of the FCA. The FCA permits a private party, known as a relator or whistleblower to file a lawsuit on behalf of the United States and receive a portion of any recovery. In this case, the whistleblower will receive $2.61 million as his share of the FCA recovery.
As we have previously advised, FCA exposure can exist from current or former employees, subcontractors, vendors, professional FCA relators or the government. Given the large potential recoveries, there is a serious incentive for whistleblowers to come forward. Compliance with cybersecurity laws, rules, regulations and contract provisions is an absolute must for all government contractors. If you need assistance with compliance issues please contact any member of the Government Contracts practice group.