September 14, 2023. Verizon Business Network Services LLC (Verizon) has agreed to an over $4 million settlement to resolve allegations that it violated the False Claims Act by failing to meet the government’s cybersecurity standards. Verizon’s Managed Trusted Internet Protocol Service (MTIPS), which is at the heart of the settlement agreement, ensures that federal agencies can connect to public internet and external networks securely, safeguarding sensitive government systems and its information. However, Verizon discovered that their MTIPS solution did not completely satisfy required cybersecurity controls for the General Services Administration (GSA) from 2017 to 2021. For four years, government agencies were potentially vulnerable to cybersecurity failures and breaches due to the allegedly faulty MTIPS, affecting Trusted Internet Connections for the agency. While there was no whistleblower in this case, a whistleblower reporting cyber-fraud may be entitled to 15-25% of the government’s recovery in a qui tam False Claims Act settlement.
Upon learning of these concerns, Verizon chose to do the right thing, quickly alerting the government with a written self-disclosure and initiating corrective actions, such as an independent investigation to ensure any issues were resolved and that government information was secure. Furthermore, they fully cooperated with the government’s investigations and implemented the suggested remedial measures. It can only be hoped that other companies who discover complications regarding their government contracts follow in the footsteps of Verizon and self-disclose and correct concerns. The Acting Inspector General of GSA OIG stated about the case, “The United States should get the cybersecurity controls that it contracts and pays for to safeguard against cyber threats that could compromise critical information and systems.” Whistleblowers who say something when they see something can help avert data disasters and financial mismanagement.
The False Claims Act allegations against Verizon are connected to the Department of Justice’s Civil Cyber-Fraud Initiative, implemented in October 2021. Under this initiative the DOJ will pursue government contractors for cybersecurity violations in contracts, including:
- Knowingly providing deficient cybersecurity products or services
- Knowingly misrepresenting their cybersecurity practices or protocols
- Knowingly violating obligations to monitor and report cybersecurity incidents and breaches
Whistleblowers can help protect taxpayer funds and sensitive government data by blowing the whistle on contractors who knowingly fail to safeguard sensitive information.
If you would like to report cyber-fraud, you can contact attorneys at Tycko & Zavareei LLP. Eva Gunasekera and Renée Brooker are former officials of the United States Department of Justice and prosecuted whistleblower cases under the False Claims Act. Renée served as Assistant Director at the United States Department of Justice, the office that supervises False Claims Act cases in all 94 United States District Courts. In 2022, she moderated the panel, “The False Claims Act as a Weapon Against Cybersecurity Fraud” at the Federal Bar Association’s Virtual Qui Tam Conference. Eva was the Senior Counsel for Health Care Fraud. Eva and Renée now represent whistleblowers. For a free consultation, you can contact Renée at [email protected] (tel.: 202-417-3664) or contact Eva Gunasekera at [email protected]. You can also go to Tycko & Zavareei LLP’s website for whistleblowers to learn more at www.fraudfighters.net.