Whistleblower News & Articles

Home > Whistleblower News & Articles > Whistleblower Law Collaborative Client Settles Landmark Cybersecurity False Claims Act Case

Related Content

Cyber Security Fraud

Cyber security fraud is a growing problem globally and in the United States. Federal regulations and contracts require many government...

Penn State $1.25 Million Cybersecurity Fraud Settlement Yields $250,000 Whistleblower Award

The Department of Justice recently announced a landmark Penn State cybersecurity fraud settlement, with the university agreeing to pay $1.25...

Settlement Announced Under the DOJ’s Civil Cyber-Fraud Initiative

The Department of Justice (DOJ) recently announced a civil cyber-fraud settlement by Jelly Bean Communications Design LLC (Jelly Bean) and...

Updated NIST Guidelines Aim to Simplify Data Protection for Federal Contractors

Contractors that do business with the federal government must adhere to specific guidelines for safeguarding sensitive information. The National Institute...

What Potential Whistleblowers Need to Know About the New Department of Defense Rule (CMMC) for Contractor Cybersecurity

On October 11, 2024, the U.S. Department of Defense (DoD) took a major step to strengthen its contractors’ cybersecurity. The...

Whistleblower Law Collaborative Client Settles Landmark Cybersecurity False Claims Act Case

March 26, 2025

Whistleblower Law Collaborative LLC is pleased to announce that the United States has settled a False Claims Act case brought by one of its clients. Under the terms of the settlement, MORSECORP, Inc. will pay $4.6 million, plus interest, to resolve allegations that it made false representations concerning compliance with required cybersecurity controls for safeguarding sensitive government information.  This settlement is particularly notable because it represents the first major False Claims Act settlement with a defense contractor based on failures to implement required cybersecurity controls. 

MORSECORP d/b/a MORSE (Mission Oriented Rapid Solution Engineering), which is based in Cambridge, Massachusetts, is a defense contractor in the U.S. National Security Ecosystem.  MORSE performed multiple contracts for the Department of the Army and the Department of the Air Force, among other government customers.    

Our Client’s Lawsuit Reveals the Cybersecurity Failures 

The case was brought by our client in January 2023 based on his concerns that MORSECORP had not fully implemented cybersecurity controls required under NIST SP 800-171 for protecting sensitive government data and information. Our client was also concerned that MORSECORP did not have a consolidated system security plan and that MORSECORP was using third-party cloud-based services that did not meet the relevant Federal security requirements.  In addition, our client was concerned that MORSECORP had posted improperly inflated SPRS assessment scores with the Defense Department for its internal cybersecurity practices and policies.   

Our client brought the MORSECORP cybersecurity failures to the attention of the government by filing a cybersecurity qui tam complaint under the False Claims Act. Under the False Claims Act, a private citizen (known as a “relator”) who suspects or knows of fraud against the government can act as a whistleblower and file a sealed complaint on behalf of the government. If the case is successful, the relator is entitled to a share – between 15% and 30% – of the government’s recovery.   

The government investigated the allegations brought to light by our client and, on March 17, 2025, filed a notice of its intention to intervene against MORSECORP for the purpose of settlement.  The Department of Justice further described the case and the $4.6 million settlement on March 25, 2025. 

Federal contractors must fulfill their obligations to protect sensitive government information from cyber threats, We will continue to hold contractors to their commitments to follow cybersecurity standards to ensure that federal agencies and taxpayers get what they paid for, and make sure that contractors who follow the rules are not at a competitive disadvantage.  

         — United States Attorney Leah B. Foley. 

Protecting the integrity of Department of Defense (DoD) procurement activities is a top priority for the DoD Office of Inspector General’s Defense Criminal Investigative Service (DCIS). Failing to comply with DoD contract specifications and cybersecurity requirements puts DoD information and programs at risk. We will continue to work with our law enforcement partners and the Department of Justice to investigate allegations of false claims on DoD contracts.

        — Special Agent in Charge Patrick J. Hegarty, DCIS Northeast Field Office 

Recognition of Outstanding Government Efforts 

Our client expresses his admiration for, and appreciation of, the outstanding efforts of the Commercial Litigation Branch of the U.S. Department of Justice, the U.S Attorney’s Office for the District of Massachusetts, and the relevant investigating agencies for conducting a thorough and prompt investigation which led to the settlement announced yesterday.   

In uniform and out, protecting the national security of the United States has been the focus of my professional career. Becoming a whistleblower was not an easy decision and one I only took when I felt I had no remaining option to protect sensitive government information. The Department of Justice should be commended for acting promptly to investigate and put an end to practices that placed sensitive government information and data at risk of loss or compromise.

          –WLC Client 

Whistleblower Law Collaborative commends the outstanding efforts of their client and the government prosecutors. Attorney Bruce C. Judge praised his client’s willingness to stand his ground on protecting sensitive government information. Mr. Judge also cited his client’s courage in coming forward without regard to the professional and personal risks that can attach to being a whistleblower.  Mr. Judge continued,

[O]ur client drew on his extensive knowledge of the applicable cybersecurity requirements and was able to identify numerous cybersecurity gaps clearly and persuasively to government prosecutors and agents.  

A New Era of Cybersecurity Enforcement in the Defense Industrial Base 

This settlement marks an important milestone in the government’s long-running efforts to bring about cybersecurity compliance in the Defense Industrial Base.  After many years of issuing warnings and relying on self-certifications, the MORSECORP settlement sends a clear signal that government contractors who fail to implement required cybersecurity controls can expect to face significant financial penalties.  It also signals that individuals who bring cybersecurity violations to the government’s attention can receive a share of the government’s ultimate recoveries.   

In 2021, the Department of Justice launched its Civil Cyber-Fraud Initiative aimed at federal contractors who fail to comply with government cybersecurity requirements.  In addition, the initiative targets contractors who fail to report breaches or other cybersecurity incidents. 

We expect the Department of Justice, the Department of Defense, NASA, and other government agencies to continue to investigate and prosecute matters involving failure to implement required cybersecurity controls to safeguard sensitive government information and data. 

If you are aware of situations in which a government contractor: 

  • Has failed to implement the cybersecurity controls required under NIST SP 800-171; 
  •  Has failed to develop and implement a system security plan for any system or network used to process, store and/or transmit CUI or other sensitive government information or data; 
  • Is using third-party cloud-based services which services do not meet the relevant FedRamp security requirements; or 
  •  Has posted misleading or inaccurate SPRS scores for its cybersecurity compliance. 

We urge you tocontact us for a free, confidential consultation.  

Whistleblower Law Collaborative devotes its practice entirely to representing whistleblowers. For more information, contact the firm at 617.366.2800 or email Bruce Judge at bruce@whistleblowerllc.com or David Lieberman at david@whistleblowerllc.com