On July 31, 2025, the United States Department of Justice (DOJ) announced a pair of settlements with companies accused of having violated the False Claims Act (FCA) by falsely representing their compliance with certain cybersecurity requirements applicable to federal contractors. These two settlements highlight key aspects of DOJ’s enforcement priorities: (1) DOJ’s strong focus on enforcing the FCA in the cybersecurity space, and (2) DOJ’s willingness to reward companies that self-disclose violations. All government contractors certifying compliance with regulatory and contractual requirements must stay vigilant and take the steps needed to comply.
In one press release, DOJ announced a $9.8 million settlement with Illumina Inc., alleging that the company sold genomic sequencing systems with cybersecurity vulnerabilities to certain federal agencies and did not have an adequate product security program or sufficient systems to identify and address these vulnerabilities. This settlement arose out of a qui tam action filed by a former Illumina employee in the United States District Court of Rhode Island.[1] According to DOJ, between February 2016 and September 2023, Illumina knowingly failed to incorporate sufficient cybersecurity protections and falsely represented that its software adhered to cybersecurity standards, including standards of the International Organization for Standardization and National Institute of Standards and Technology. While Illumina denied these...
Welcome to Reality Check, a newsletter that helps you keep track of the false claims and online conspiracy theories that shape our world — and who’s behind them. If you think exposing distortions a...