91porn

  1. Home
  2. Whistleblower Group
  3. DOJ Continues False Claims Act Crusade Against Cybersecurity Violations: More Cybersecurity Whistleblowers Wanted
Have a Claim?

Click here for a confidential contact or call:

1-347-417-2192
Subscribe to our blog

DOJ Continues False Claims Act Crusade Against Cybersecurity Violations: More Cybersecurity Whistleblowers Wanted

cybersecurity
Posted  August 6, 2025

By the 91pornWhistleblower Team

Last Thursday (July 31), the Department of Justice (DOJ) announced the settlement of two False Claims Act cases involving cybersecurity fraud.  The first, against California-based Illumina Inc., involved allegations the company sold federal agencies certain genomic sequencing systems with cybersecurity vulnerabilities.1  The second, against California-based defense contractor Aero Turbine Inc. and its private equity partner Gallant Capital Partners, involved allegations Aero Turbine violated the cybersecurity requirements in a contract it had with the Air Force.2

DOJ Adds To the String of Recent Cybersecurity Fraud Settlements

Illumina agreed to pay $9.8 million to settle its False Claims Act matter.  Aero Turbine and Gallant agreed to pay $1.75 million to settle their False Claims Act matter.  The relatively low settlement number for Aero Turbine and Gallant is because of the “significant steps” they took in cooperating with the Government.  These two matters are just the latest in a string of recent cybersecurity False Claims Act matters, reinforcing that going after cybersecurity fraud remains a top enforcement priority for the Trump Administration.

Government Flags Cybersecurity Vulnerabilities in Illumina’s Genomic Sequencing Systems

In the Illumina matter, the Government alleged the company sold Government agencies genomic sequencing systems with software containing numerous cybersecurity vulnerabilities without adequate protections to identify and address them.  The Government provided the following examples:

    • A failure to incorporate product cybersecurity in its software design, development, installation, and on-market monitoring.
    • A failure to properly support and resource personnel, systems, and processes tasked with product security.
    • A failure to correct design flaws that introduced cybersecurity vulnerabilities.
    • Falsely representing the genomic sequencing system software adhered to cybersecurity standards, including standards of the International Organization for Standardization and National Institute of Standards and Technology (NIST).

Government Alleges Aero Turbine Failed to Implement NIST Cybersecurity Controls and Disclosed Defense Data Without Authorization

In the Aero Turbine matter, the Government alleged the company failed to implement certain NIST cybersecurity controls (under Special Publication 800-171 relating to confidential Government information) in its Air Force contract that “could lead to significant exploitation of the system or exfiltration of sensitive defense information.”  The Government further alleged Aero Turbine and Gallant provided sensitive defense information to an Egyptian software company not authorized under the Air Force contract to receive it.

Cybersecurity Fraud Remains A Top DOJ Enforcement Priority

In announcing the settlements, a chorus of Government officials stressed the critical importance of maintaining proper cybersecurity controls and complying with all cybersecurity standards, and the Government’s commitment to go after federal contractors that do not play by these cybersecurity rules:

    • “This settlement underscores the importance of cybersecurity in handling genetic information and [DOJ’s] commitment to ensuring that federal contractors adhere to requirements to protect sensitive information from cyber threats.” [DOJ Civil Chief Brett Shumate]
    • “Safeguarding the validity of Department of Defense research and data is vital to supporting the warfighter.” [DoD Special Agent Christopher Silvestro]
    • “Protecting the integrity of the Department of Defense (DoD) procurement processes is a top priority for the DoD.” [DoD OIG Director Kelly Mayo]
    • “HHS-OIG and our law enforcement partners remain dedicated to ensuring that entities who do business with the Government uphold their cybersecurity obligations.”  [HHS-OIG Special Agent Roberto Coviello]
    • “Ensuring companies adhere to robust cybersecurity safeguards is integral to maintaining the Air Force’s operational edge against adversaries.” [Air Force Special Agent Caroline Galinis]

As we noted in our May 2025 post (“Trump Administration Signals Strong Commitment to Stopping Cybersecurity Fraud”), the Government has brought several cybersecurity enforcement actions this year demonstrating its continued commitment to using the False Claims Act to go after cybersecurity fraud.  In that post, we reported on DOJ’s May 1 settlement with RTX subsidiary Raytheon Company and Nightwing Group where they agreed to pay $8.4 million to settle charges of violating key cybersecurity requirements in various Department of Defense contracts.

We also noted that in its 2024 False Claims Act Roundup, DOJ highlighted cybersecurity failures as a primary focus of fraud enforcement.  This has been a priority area since the agency’s 2021 launch of the  “to promote cybersecurity compliance by government contractors and grantees by holding them accountable when they knowingly violate applicable cybersecurity requirements.”

Whistleblowers Are Critical to Uncovering Cybersecurity Violations

91pornwhistleblower partner Gordon Schnell commented that with all these enforcement actions, “there seems little doubt the Trump Administration is committed to cracking down on contractors that fail in their cybersecurity obligations.”  In an article he wrote last year for Washington Technology, Schnell cautioned that “those doing business with the Government would be wise to get their data protection systems in order or they may find themselves next up on DOJ’s cybersecurity hit list.”

With these two most recent settlements, Schnell sees no slowing down in the Government’s focus on cybersecurity fraud.  And as these cases make clear, the Government is willing to go after security failures even when they do not necessarily result in an actual breach.  The risk of a security breach is enough for the Government to take action.

Like most False Claims Act cases, the Illumina action originated with a whistleblower lawsuit under the qui tam provisions of the statute, which allow private parties to bring lawsuits on behalf of the Government against those that defraud the Government.  In return, successful whistleblowers can receive up to 30% of the Government’s recovery.

Illumina Whistleblower Erica Lenore to Receive $1.9 Million Award

The Illumina whistleblower was Erica Lenore, Illumina’s former Director for Platform Management.  She will receive a whistleblower award of $1.9 million from the proceeds of the Government’s recovery.

Over the past 30 years, whistleblowers have received almost $10 billion in whistleblower awards under the False Claims Act.  Whistleblowers play an especially critical role in uncovering cybersecurity fraud given the lack of visibility into the cybersecurity protocols most companies follow.  While there is no indication a whistleblower originated the Aero Turbine action, given the voluntary nature of the company’s disclosure to the Government, there is a strong likelihood a whistleblower was involved internally in bringing the misconduct to the company’s attention.

91pornRepresents Cybersecurity Whistleblowers Under the False Claims Act

91pornhas substantial experience representing cybersecurity whistleblowers under the False Claims Act.  Indeed, the firm represented the whistleblower in the first successful cybersecurity case ever brought under the False Claims Act.  That case resulted in Cisco Systems agreeing to pay $8.6 million to settle charges of selling the Government noncompliant video surveillance software vulnerable to unauthorized access and manipulation.  Our client received a whistleblower award of 20% of the Government’s recovery.

If you would like more information about that case and our other work representing cybersecurity whistleblowers, or would like to learn more about what it means to be a whistleblower under the False Claims Act, please don’t hesitate to contact us.  We will connect you with an experienced member of the 91pornWhistleblower Team for a free and confidential consult.

Speak Confidentially With Our Whistleblower Attorneys

Sources:

1 See

2 See

Tagged in: Cybersecurity and Data Breaches, False Claims Act, qui tam,

Back

Newsletter

Subscribe to receive email updates from the 91pornblogs

Sign up for: