Penn State to Pay $1.25M to Settle Claims of False Cybersecurity Compliance
The Pennsylvania State University has agreed to pay $1,250,000 to settle claims that it violated the False Claims Act by failing to comply with cybersecurity requirements in 15 contracts involving the Department of Defense (DoD) or National Aeronautics and Space Administration (NASA). The settlement involves allegations that Penn State failed to implement cybersecurity controls required by DoD and NASA between 2018 and 2023 and did not adequately develop and implement plans of action to correct deficiencies it identified. The claims resolved by the settlement are allegations only and there has been no determination of liability.
The lawsuit was filed under the whistleblower provisions of the False Claims Act, which allow private parties to sue on behalf of the government when they believe that a defendant has submitted false claims for government funds and receive a share of any recovery. The whistleblower, Matthew Decker, former Chief Information Officer for Penn State’s Applied Research Laboratory, will receive a $250,000 share of the settlement amount.
The United States alleged that Penn State submitted cybersecurity assessment scores to DoD that reflected it had not implemented certain controls, but misrepresented the dates by which it would implement them and did not pursue plans of action to do so. The United States also alleged that in performing certain contracts and subcontracts, Penn State did not use an external cloud service provider that met DoD’s security requirements for covered defense information.
“Federal contractors who store or access covered defense information must take required steps to protect that sensitive information from bad actors,” said U.S. Attorney Romero. “As our cyber adversaries become increasingly sophisticated, the importance of cybersecurity in safeguarding Department of Defense research, development and acquisitions information cannot be overstated,” said Special Agent in Charge Greg Gross, Naval Criminal Investigative Service Economic Crimes Field Office.
This settlement was the result of a coordinated effort that involved the US Attorney’s Office for the Eastern District of Pennsylvania, the Justice Department and the Department of Defense.
Related topics: