Amid ongoing policy shifts in Washington, the federal government’s interest in pursuing civil cyber-fraud cases appears to be here to stay. In October 2021, the Department of Justice (DOJ) initiated its Civil Cyber-Fraud Initiative focused on using the False Claims Act (FCA) “to combat new and emerging cyber threats to the security of sensitive information and critical systems,” and DOJ’s efforts to pursue civil cyber-fraud continue under the Trump administration. For example, on March 26th, the DOJ announced a FCA settlement with a Massachusetts company focused on the company’s cybersecurity program and representations made in connection with its Department of Defense contracts as well as FedRAMP[1] and DFARS[2] requirements.
The company agreed to pay $4.6 million to settle the government’s claims, and the relator who filed the qui tam complaint that gave rise to the investigation will receive about $850,000 of the settlement amount. The company also must pay $198,000 for attorney’s fees and expenses, as required by the FCA.
The settlement agreement revealed additional details regarding the cybersecurity issues underlying this matter. As is customary in a settlement agreement with the Boston U.S. Attorney’s Office, the company “admit[ted], acknowledge[d], and accept[ed] responsibility” for four principal violations, each of which provides a valuable lesson to any company subject to the FCA:
After nearly a week of protests in Los Angeles against recent federal immigration enforcement sweeps in the city, President Trump doubled down on his administration’s efforts to detain and deport ...