Skip to Content
415-441-8669 | TOLL FREE: 888-50EVANS

PHONE: 415-441-8669 | TOLL FREE: 888-50EVANS

Oct 9, 2024 by |

San Francisco Whistleblower Attorney: False Claims Act And The Perils of Cybersecurity Non-Compliance

ATTORNEY NEWSLETTER

Government Contracts Compliance Obligations

Government Intervenes In Whistleblower Case

How Whistleblower Cases Work Under The False Claims Act

Government contracts typically include multiple specifications and other requirements to which the government expects strict adherence by the contractor in return for payments under the contract.  Where sensitive or confidential information is involved, the contract may include strict cybersecurity protocols and safeguards.  Cybersecurity is a particular concern in many Defense Department contracts.  Knowing failure to fulfill contractual obligations or falsely representing compliance with government regulations, of any nature including cybersecurity obligations, may violate the False Claims Act.  See False Claims Act (FCA), 31 U.S.C. §§ 3729 et seq.  Individuals with knowledge of knowing violation of contract provisions including cybersecurity security provisions, may bring an action (called a “qui tam” case) on behalf of the government for the fraud perpetrated against the government. Rewards for the individuals (referred to as “relators”) bringing the actions can equal 15-30% of the amount recovered.  31 U.S.C. § 3730(d).  If you have credible information for a false claims whistleblower case on behalf of the federal government in San Francisco or elsewhere in California, call us today at (415)441-8669 and we can help. Our toll-free number is 1-888-50EVANS (888-503-8267).

Recent Case Example[1]

The U.S. Department of Justice (DOJ) recently filed a complaint-in-intervention in a previously filed whistleblower suit under the qui tam provisions of the False Claims Act (FCA) against a large university and its technology and research-related affiliated groups for falsely representing its compliance with Department of Defense (DoD) cybersecurity requirements. Former and current employees for defendants brought the initial whistleblower lawsuit.  The lawsuit alleges that defendants violated DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting (clause 7012) and DFARS 252.204-7019 NIST SP 800-171 DoD Assessment Requirements (clause 7019), which require contractors to provide “adequate security” for “covered contractor information systems”—unclassified information systems that process, store, or transmit controlled unclassified information or controlled technical information and to have assessment controls in place to monitor all cybersecurity systems in place.

DOJ’s complaint alleges that the defendant university’s research lab, which possessed nonpublic sensitive DoD information, “failed to: (1) develop or implement a system security plan outlining how it would protect from unauthorized disclosure covered defense information in its possession; and (2) install, update, and run antivirus software on servers, desktops, and laptops in the lab which had access to nonpublic DoD information.” The government also maintains that defendants knowingly misrepresented the lab’s compliance with applicable cybersecurity regulations and that they knew the “score” they reported to the government on cybersecurity assessment was false even though employees had warned them that providing that score would be false and misleading.

Starting A Qui Tam Action

Any False Claims Act whistleblower case begins by a relator filing a complaint under seal in the federal court usually for the United States District Court for the district where defendant is located or does business. At the same time, the relator submits a disclosure to the DOJ outlining the material evidence the relator has of the alleged false claims. 31 U.S.C. § 3730(b). The seal period of the complaint lasts 60 days during which the DOJ investigates the claims.  31 U.S.C. § 3730(b)(2). (If necessary, the government can, and often does, extend the 60-day period during which the allegations are kept under seal.)  If the government decides to intervene in the case, the government essentially takes over the litigation. 31 U.S.C. § 3730(c)(1).   If the government declines to intervene, the relator may proceed with the litigation on his or her own.  31 U.S.C. § 3730(c)(3).

Contact Us

If you have credible information of government fraud in San Francisco or elsewhere in California, call Ingrid M. Evans at (415) 441-8669, or toll-free at 1-888-50EVANS (888-503-8267) or by email at <a href=”mailto:info@evanslaw.com”>info@evanslaw.com</a>.  In addition to FCA and CFCA whistleblower cases, Ingrid and Evans Law Firm, Inc. also handle bank fraud whistleblower cases under FIRREA/FIAFEA, commodity trading and securities fraud under the Commodities Futures Trading Commission Whistleblower Program and the Securities and Exchange Commission Whistleblower Program, and tax fraud under the Internal Revenue Service Whistleblower Program. 

[1] Evans Law Firm, Inc. was not involved in the case in any way. 

Law Dragons 500 badge Million Dollar Advocates Forum SuperLawyers Badge Best Lawyers Badge Avvo

Our Passion For Justice

415-441-8669 888-50EVANS

Hear What Our Clients Have To Say

"I highly recommend Ingrid and her law firm. If you are looking for an attorney who is a great listener, a compassionate advocate and who really knows the law, this should be your first stop."
Posted By: Phil Blank

Read More Reviews