Software Provider and DOJ Reach $8.6M Settlement for FCA Case Involving Alleged Cyber Security Shortcomings

Dorsey & Whitney LLP

Dorsey & Whitney LLP

Amid increased public and government attention to cyber security, a qui tam plaintiff’s lawsuit has resulted a large settlement for a government contractors’ purported misrepresentations regarding compliance with government cyber security standards. In what is believed to be the first-of-its-kind settlement of an FCA claim premised upon cyber security misrepresentations, Cisco Systems recently agreed to pay $8.6 million to the federal and state governments.

The case, United States of America v. Cisco Systems, involved allegations from a former-subcontractor whistleblower that Cisco Systems knowingly sold video monitoring technology containing security flaws to the United States, eighteen states, and the District of Columbia. See Complaint, Case No. 11-cv-400 (W.D.N.Y. May 5, 2011). According to the whistleblower, the security flaws to the video monitoring technology created a backdoor to the system, enabling a potential user to gain unauthorized access to the entire network of a federal agency, take control of or bypass an agency’s physical security systems, or even allow an unauthorized user to obtain administrative access to the system to make modifications. Id. Notwithstanding its awareness of the security flaws, and knowing that the disclosure of the security flaws would have prevented the federal government from purchasing the video monitoring technology, the Relator alleged that Cisco Systems withheld information regarding the security flaws from multiple federal and state agencies to which it sold the video monitoring technology. Id.

On July 31, 2019, the federal government, fifteen states, and the District of Columbia settled the claims against Cisco Systems. Pursuant to that agreement, Cisco Systems will pay $2.6 million to the federal government to resolve the FCA claims and approximately $6 million to state governments to resolve similar state law fraud-in-contracting claims.  Cisco framed the settlement as a “partial refund” to the governments involved, and did not explicitly admit liability.  The company acknowledged that “times and expectations have changed.”

The settlement may be a harbinger of more cyber security claims to come. Information security has become an increasingly prominent component of all government contracts, extending well beyond contracts in the information technology space. Government contractors will therefore be increasingly required to abide by the security standards imposed by the Federal Information Security Management Act and related regulations when selling products to the government. The recent seven-figure settlement emphasizes the government’s interest in pursuing FCA actions premised upon cyber security shortcomings, and serves as a reminder to government contractors to be mindful of their cyber security compliance obligations.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Dorsey & Whitney LLP | Attorney Advertising

Written by:

Dorsey & Whitney LLP

Dorsey & Whitney LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.