And Yet Another Whistleblower-Originated False Claims Act Cybersecurity Fraud Settlement

By the Whistleblower Team
On Tuesday (September 30), the Department of Justice (DOJ) announced that Georgia Tech Research Corporation has agreed to pay $875,000 to settle charges of violating the False Claims Act by failing to comply with the cybersecurity requirements of certain Department of Defense (DoD) contracts.1 It is just the latest in a string of recent False Claims Act settlements involving cybersecurity failures, demonstrating that this remains a high-priority enforcement area for the Trump-led DOJ.
Georgia Tech Allegedly Engaged in Cybersecurity Fraud
According to the Government, Georgia Tech and the affiliated Georgia Institute of Technology engaged in three key cybersecurity failures:
- First, they allegedly failed to use anti-virus or anti-malware tools on desktops, laptops, servers and networks at the university’s Astrolavos Lab while it was conducting sensitive cyber-defense research for DoD.
- Second, they allegedly had no system security plan for the cybersecurity controls the DoD contracts required.
- Third, they allegedly submitted a false cybersecurity assessment score (of 98) to DoD, which (i) was supposed to apply campus-wide despite the absence of any campus-wide IT system at Georgia Tech, (ii) was premised on a “fictitious” or “virtual” environment, not an actual system at Georgia Tech, and (iii) was a condition of DoD’s award of the Georgia Tech Research contracts at issue.
A String of Cybersecurity Fraud Settlements This Year
As we reported in early August, DOJ has been on a False Claims Act crusade against cybersecurity violations, with this latest settlement coming on the heels of numerous other cybersecurity fraud settlements DOJ has secured this year. These include:
Illumina. On July 1, Illumina Inc. agreed to pay $9.8 million to settle allegations it sold Government agencies genomic sequencing systems with software containing numerous cybersecurity vulnerabilities without adequate protections to identify and address them.2
Aero Turbine. On July 1, Aero Turbine Inc. and its private equity partner Gallant Capital Partners agreed to pay $1.75 million to settle allegations it failed to implement certain mandated cybersecurity controls in its Air Force contract that “could lead to significant exploitation of the system or exfiltration of sensitive defense information.”3
Raytheon. On May 1, RTX subsidiary Raytheon Company and Nightwing Group agreed to pay $8.4 million to settle allegations of violating key cybersecurity requirements in various DoD contracts.
MORSECORP. On March 26, the company agreed to pay $4.6 million to settle allegations of failing to comply with cybersecurity requirements in its Army and Air Force contracts.4
Health Net. On February 21, Health Net Federal Services agreed to pay $11.3 million to settle allegations it falsely certified compliance with the cybersecurity requirements of certain DoD contracts.
In its 2024 False Claims Act Roundup, cybersecurity was one of the primary areas of fraud enforcement to which DOJ pointed. It has been that way since the agency’s 2021 launch of the “to promote cybersecurity compliance by government contractors and grantees by holding them accountable when they knowingly violate applicable cybersecurity requirements.”
Cybersecurity Fraud Remains a Top False Claims Act Enforcement Priority
What is clear from all this is the Government’s continued focus on cybersecurity fraud as a top enforcement priority, especially when it comes to defense contractors. DOJ Civil Chief Brett Shumate strongly reinforced this message in the Government’s announcement of the Georgia Tech settlement:
“When contractors fail to follow the required cybersecurity standards in their DoD contracts, they leave sensitive government information vulnerable to malicious actors and cyber threats. Together with DoD and other agency partners, the Department of Justice will continue to pursue and litigate violations of cybersecurity requirements to hold contractors accountable when they violate their cybersecurity commitments.”
Whistleblower partner Gordon Schnell points to all these cybersecurity settlements as a clear indication of the Trump Administration’s commitment to going after contractors that fail in their cybersecurity obligations. Schnell says, “Those doing business with the Government, especially defense contractors, need to make sure their data protection systems are fully compliant.” Otherwise, he cautions, “they may find themselves next up on DOJ’s cybersecurity hit list.”
Cybersecurity Whistleblowers Are Watching
Government contractors must be especially vigilant these days. Not only because of the Government’s increased appetite in this enforcement space. But also because of the qui tam provisions of the False Claims Act, which authorize private parties to bring suit on behalf of the Government against those that defraud the Government. Successful whistleblowers can receive up to 30% of the Government’s recovery.
Whistleblowers are especially important in uncovering cybersecurity violations given the difficulty of detecting these violations without an inside window into the company’s cybersecurity practices. And as Schnell remarks, “Cybersecurity whistleblowers are on high alert these days because of all the Government activity in this space.” He notes a significant uptick in cybersecurity whistleblower intakes his firm has received in recent months.
Unsurprisingly, two whistleblowers — Christopher Craig and Kyle Koza — originated the Georgia Tech matter. They are former members of Georgia Tech’s Cybersecurity Team and will receive a whistleblower award of roughly $200,000 from the proceeds of the Government’s recovery.
Significant Experience Representing Cybersecurity Whistleblowers Under the False Claims Act
Our firm has substantial experience representing cybersecurity whistleblowers under the False Claims Act. The firm represented the whistleblower in the first successful cybersecurity case ever brought under the False Claims Act. That case resulted in Cisco Systems agreeing to pay $8.6 million to settle charges of selling the Government noncompliant video surveillance software vulnerable to unauthorized access and manipulation. Our client received a whistleblower award of 20% of the Government’s recovery.
If you would like more information about that case and our other work representing cybersecurity whistleblowers, or would like to learn more about what it means to be a whistleblower under the False Claims Act, please don’t hesitate to contact us. We will connect you with an experienced member of the Whistleblower Team for a free and confidential consultation.
Sources:
1 See
2 See
3 See
4 See