Defense Contractor Pays $9M to Settle False Claims Act Whistleblower Lawsuit Involving Cybersecurity Noncompliance

Qui tam whistleblower alleged that Aerojet Rocketdyne misled the government regarding its compliance with cybersecurity standards

Defense contractor Aerojet Rocketdyne (NYSE: AJRD) has agreed to pay $9 million to settle allegations it violated the False Claims Act by falsely certifying its compliance with federal cybersecurity requirements in connection with multiple procurement contracts with the Department of Defense (DOD) and the National Aeronautics and Space Administration (NASA).  The qui tam relator whose whistleblower complaint exposed the alleged fraud will receive a whistleblower award of $2.61 million.

Critical Cybersecurity Deficiencies

Aerojet manufactures aerospace and defense products, including systems and components for precision munitions and satellites. Its main customers are U.S. government agencies like the DOD and NASA.

U.S. government defense procurement contracts require that federal contractors adhere to certain cybersecurity standards designed to prevent unauthorized access and disclosure of controlled or sensitive information stored on the contractor’s computer system.  Those standards are mandated by regulation and incorporated into the contracts.

The Aerojet qui tam whistleblower—a former director of cybersecurity compliance & controls at the company—alleged that Aerojet provided defense products to the government under multiple contracts and subcontracts despite knowing that its computer systems did not meet DOD and NASA cybersecurity requirements.  According to the complaint, Aerojet falsely certified its compliance to secure the contracts and, when asked by the government, misled it as to the cybersecurity software and hardware that it had on its systems.  Contrary to its certifications and statements, however, Aerojet’s systems were noncompliant, deficient, and vulnerable to cyberattack.

The whistleblower alleged that he brought the cybersecurity noncompliance issues to the attention of management.  Nevertheless, the company failed to provide him with the resources necessary to correct the deficiencies.  Instead, it fired him in retaliation for refusing to execute false certifications of compliance to the government.   The whistleblower also alleged that Aerojet management concealed the cybersecurity issues from its board of directors.

Violations of the False Claims Act Based on False Cybersecurity-compliance Certifications

Although False Claims Act lawsuits involving fraud by government contractors are common, the Aerojet case is the first known instance of a settled False Claims Act lawsuit based on contractor’s cybersecurity compliance.  In refusing to dismiss the whistleblower’s complaint, the court found that Aerojet’s false certifications of compliance were material to the government’s decision to contract with Aerojet and to pay its invoices, which constituted “false claims” for payment under the False Claims Act.

Notably, the Department of Justice (DOJ) recently launched a Civil Cyber-Fraud Initiative to encourage whistleblowers to come forward with cybersecurity-related False Claims Act lawsuits involving deficiencies that threaten to leave government information or networks open to breaches or hacker attacks.  The DOJ is also on the lookout for contractors that are knowingly violating their obligations to monitor and report cybersecurity breaches or attacks.

Fighting Fraud on the Public

Congress originally enacted the False Claims Act during the Civil War to combat fraud by contractors supplying the Union Army.  The statute imposes substantial liabilities on parties who knowingly defraud the federal government or its agencies.  Its qui tam (whistleblower) provisions allow private parties to sue wrongdoers and share in the proceeds.  If a claim is successful, qui tam whistleblowers under the False Claims Act receive awards of 15-30% of the recovery.

If you have information regarding noncompliant cybersecurity practices by a government contractor, be sure to confer with an experienced whistleblower attorney to discuss the specifics of your matter and the likelihood of asserting a successful whistleblower claim.  With cyberattacks on the rise and the federal government increasingly vigilant about cyberthreats, cybersecurity-related whistleblower lawsuits under the False Claims Act are likely to become a priority for the government.  Reach out to federal procurement whistleblower attorney Mark A. Strauss for a free and confidential consultation.

Written by

Mark A. Strauss律师

Mark is a battle-hardened and tenacious anti-fraud attorney with more than twenty years of experience in complex civil litigation. He has represented qui tam whistleblowers under the False Claims Act as well as victims of fraud under the federal securities laws and the Racketeer Influenced and Corrupt Organizations Act (RICO). His efforts have resulted in the recovery of hundreds of millions of dollars for clients.

Share This Post

Written by

Mark A. Strauss律师

Mark is a battle-hardened and tenacious anti-fraud attorney with more than twenty years of experience in complex civil litigation. He has represented qui tam whistleblowers under the False Claims Act as well as victims of fraud under the federal securities laws and the Racketeer Influenced and Corrupt Organizations Act (RICO). His efforts have resulted in the recovery of hundreds of millions of dollars for clients.

Free Consultation

Call or Text Now

Click Here to Email Us

Free Consultation

Call or Text Now

Click Here to Email Us