Defense Contractors To Pay $8.4 Million To Resolve False Claims Act Allegations Surrounding Non-Compliance With Cybersecurity Requirements
Government/Regulatory Enforcement
This links to the home page
Filters
Recent Posts
Defense Contractors To Pay $8.4 Million To Resolve False Claims Act Allegations Surrounding Non-Compliance With Cybersecurity Requirements
SEC Charges Founder & Associates With Fraud For Allegedly Running A Nearly $200M Ponzi-like Crypto Investment Scheme
Heightened Surveillance And Regulatory Requirements For Virtual Currency Derivatives Exchanges Withdrawn

  • Defense Contractors To Pay $8.4 Million To Resolve False Claims Act Allegations Surrounding Non-Compliance With Cybersecurity Requirements
    05/13/2025
    On May 1, 2025, the U.S. Department of Justice announced an $8.4 million settlement agreement with several defense contract companies (“companies”) resolving alleged violations of the False Claims Act.  The settlement addresses allegations of non-compliance with federal cybersecurity requirements over government contracts and submitting false claims for work on government contracts due to the failure to meet mandated security standards.

    The government alleged that these companies failed to implement the required security controls enumerated in the Defense Federal Acquisition Regulation Supplement (“DFARS”) 252.204-7012 and Federal Acquisition Regulation (“FAR”) 52.204-21. DFARS 252.204-7012 requires contractors to “provide adequate security on all covered contractor information systems,” including cloud computing services.  FAR 52.204-21 requires contractors to apply “basic safeguarding requirements and procedures to protect covered contractor information systems.”  The government claimed that the companies continued to use non-compliant networks while working on government contracts, despite contractual obligations to provide adequate security for covered contractor information systems.

    The settlement agreement states that the companies will pay $8.4 million to the United States, $4.2 million of which is restitution, with $1.5 million to be paid to the whistleblower that first brought the allegations to the government’s attention.  The settlement does not constitute an admission of liability by the companies.

    The settlement reflects key priorities that are likely to continue as the current administration shapes its enforcement agenda.  In particular, pursuit of the False Claims Act and cybersecurity compliance remain a focus, and a key source of risk for government contractors.  In a statement accompanying the announcement, Acting Assistant Attorney General Yaakov Roth of the Justice Department’s Civil Division said, “We will continue our efforts to hold contractors accountable when they fail to honor their DoD cybersecurity commitments,” but it is likely that similar efforts will continue beyond the defense industry as well.
    Categories: CybersecurityDOJEnforcementFalse Claims Act

Links & Downloads