Site icon Whistleblower Law Collaborative

Verizon Settles Cybersecurity False Claims Act Allegations

Updated NIST Guidelines

image by kjpargeter on Freepik

In another win for the Department of Justice’s (DOJ) Civil Cyber-Fraud Initiative, Verizon Business Network Services LLC (Verizon) has agreed to settle a False Claims Act case alleging cybersecurity failures. According to the press release, Verizon will pay $4 million to settle the claims.  Verizon discovered and self-disclosed its cybersecurity failures which resulted in the False Claims Act case. The settlement is one of several recent successes announced under the government’s Civil Cyber-Fraud Initiative to hold cyber-fraudsters accountable.

This Cybersecurity False Claims Act Case Stems From the Trusted Internet Connections Initiative

The claims in the cybersecurity False Claims Act case stem from the Trusted Internet Connections Initiative (TIC) enacted in 2008. The initial intent of this federal cybersecurity initiative was to consolidate federal networks and standardize perimeter security.  The TIC has been updated in response to evolving technologies to enhance network and data security across the federal government. The Office of Management and Budget (OMB), the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), and the General Services Administration (GSA) oversee the TIC. The Managed Trusted Internet Protocol Service (MTIPS) is one component of the TIC. According to the DOJ, MTIPS provides federal agencies with secure connections to the public internet and other external networks.

Verizon’s Cybersecurity Failures in Performing Government Contracts

The General Services Administration (GSA) awarded several contracts to Verizon during the period from 2017 to 2021. The GSA contracts required Verizon to provide various telecommunications services including, MTIPS, to several federal agencies.  The contracting agencies included the Department of Defense and the Commodity Futures Trading Commission.  According to DOJ, Verizon did not meet three essential cybersecurity controls required by the contracts.

Verizon Received Credit for Self-Disclosing Cybersecurity Failures

At some point, Verizon discovered that it had not met all of the controls required by the contracts. Upon discovering the issues, Verizon promptly self-disclosed them to the government. The company then initiated an independent investigation and compliance review, followed by providing detailed supplemental written disclosures to the government.  According to the government, Verizon continued to cooperate fully with the government’s investigation, demonstrating its commitment to rectify the situation.  As a result of its cooperation, the company earned recognition and credit for working closely with the government. Any company that takes a different approach, and attempts to cover up its cybersecurity failures, can expect to pay much higher penalties.

We Help Whistleblowers Report Cybersecurity Failures Under the False Claims Act

If you know that a government contractor has falsely certified compliance with its cybersecurity requirements, or failed to report a cybersecurity breach, contact us.  Our attorneys include several former federal prosecutors with experience safeguarding sensitive government information.  We can discuss your concerns in a confidential and secure setting. We can also advise you on the best options to prevent critical information and data from falling into the wrong hands.

 

Exit mobile version