MORSECORP — Army/Air Force Cybersecurity Fraud
Defense Contractor Pays $4.6 Million for Cybersecurity Fraud
Source: U.S. Department of Justice
TL;DR: Defense Contractor Pays $4.6 Million for Cybersecurity Fraud This case resulted in a $4.6 Million resolution and demonstrates the impact of whistleblower protections in recovering funds from fraud.
Summary
Defense contractor MORSECORP, Inc. agreed to pay $4.6 million to resolve False Claims Act allegations that it submitted false claims related to alleged noncompliance with cybersecurity requirements in its Army and Air Force contracts. DOJ alleged the company did not implement certain cybersecurity controls, failed to ensure its third-party email host met required security standards, and failed to have a written cybersecurity plan as required by its contracts.
Our Take
Small and mid-size defense contractor cyber cases often involve the practical reality that implementing NIST SP 800-171 is expensive and complex—and the temptation to certify compliance without actually achieving it. Insiders typically have access to the actual security posture, any assessments showing gaps, communications about the cost of compliance, and the decision to certify anyway. If you've seen a contractor claim cybersecurity compliance while knowing the controls aren't in place, that gap between certification and reality is the core of the case.
Read the full article from the original source:
View Original ArticleOpens in a new tab. Content from U.S. Department of Justice.
Notice
The summaries above are based on publicly available information released by the U.S. Department of Justice and are provided for informational purposes only. They do not constitute legal advice, investigative findings, or allegations by Disclosure Strategy. Our commentary reflects general, experience-based observations about how False Claims Act matters commonly arise and is not a statement about any party's liability.