Notable Settlement
Cybersecurity
$11.3 Million

Guidehouse / Nan McKay — Grant-Funded Cybersecurity Failures

Government Contractors Pay $11.3 Million for Cybersecurity Testing Failures

By Angie Kelly
Last updated: December 4, 2024

Source: U.S. Department of Justice

TL;DR: Government contractors pay $11.3 million for cybersecurity testing failures. This case resulted in an $11.3 million resolution and demonstrates the impact of whistleblower protections in recovering funds from fraud.

Summary

Guidehouse and Nan McKay paid $11.3 million combined to resolve DOJ allegations that they failed to meet cybersecurity requirements in a federally funded effort supporting New York's Emergency Rental Assistance Program (ERAP). DOJ described Guidehouse as the prime contractor and Nan McKay as a subcontractor responsible for the ERAP online application technology; DOJ stated both shared responsibility for required pre-production cybersecurity testing and admitted neither completed that required testing before the program went live in June 2021.

Our Take

Grant- and benefits-platform cybersecurity cases often begin with the same internal mismatch: aggressive launch timelines and incomplete security gates. Insiders commonly have the decisive evidence—project plans, go-live checklists, security testing schedules, risk acceptances, and communications documenting "known issues" at launch. If you were asked to sign off on a system that didn't meet contractual security requirements, preserve the approvals chain and the testing record showing what was skipped.


Notice

The summaries above are based on publicly available information released by the U.S. Department of Justice and are provided for informational purposes only. They do not constitute legal advice, investigative findings, or allegations by Disclosure Strategy. Our commentary reflects general, experience-based observations about how False Claims Act matters commonly arise and is not a statement about any party's liability.