Georgia Institute of Technology — DoD Cybersecurity Compliance
Georgia Tech Pays $875,000 for Cybersecurity Failures on DoD Contracts
Source: U.S. Department of Justice
TL;DR: This case resulted in an $875,000 resolution and demonstrates the impact of whistleblower protections in recovering funds from fraud.
Summary
Georgia Tech Research Corporation agreed to pay $875,000 to resolve DOJ allegations that it failed to meet cybersecurity requirements tied to certain Air Force and DARPA contracts, resulting in FCA and federal common law exposure. DOJ alleged that, until December 2021, required anti-virus/anti-malware protections were not properly installed, updated, or run on systems used for sensitive DoD cyber-defense research at a Georgia Tech lab.
Our Take
Cyber-fraud cases frequently originate with technical teams who documented gaps long before the government ever looked: unpatched endpoints, missing tooling, exceptions that became permanent, and "temporary" workarounds that lasted years. The most persuasive evidence is usually timestamped: IT tickets, vulnerability scans, audit findings, compliance attestations, and proof of what was (and wasn't) deployed. If you recognize a culture where contract-required controls are treated as aspirational, preserve the artifacts that show the difference between what was promised and what was implemented.
Notice
The summaries above are based on publicly available information released by the U.S. Department of Justice and are provided for informational purposes only. They do not constitute legal advice, investigative findings, or allegations by Disclosure Strategy. Our commentary reflects general, experience-based observations about how False Claims Act matters commonly arise and is not a statement about any party's liability.