On August 22, 2024, the United States Department of Justice (“DOJ”) filed a Complaint-In-Intervention (the “Complaint”) against the Georgia Institute of Technology (“Georgia Tech”) and Georgia Tech Research Corp. (“GTRC”). The 99-page DOJ Complaint alleges the defendants knowingly failed to meet contractual cybersecurity requirements in connection with various Department of Defense (“DoD”) contracts. The suit raises claims under the False Claims Act and federal common law (including fraud, negligent misrepresentation, breach of contract, unjust enrichment, and payment by mistake). This is the latest DOJ activity relating to its Civil Cyber Fraud Initiative (announced in October 2021), which we previously have written about here, here, and here.Continue Reading DOJ Sues Georgia Tech Entities for Cybersecurity Failures in the Latest Civil Cyber Fraud Initiative (CCFI) Activity
Department of Justice
Latest Cyber-Related FCA Settlement Underscores the Breadth of DOJ’s Civil Cyber-Fraud Focus
On June 17, 2024, the Department of Justice (“DOJ”) announced the latest settlement under its Civil Cyber-Fraud Initiative (“CCFI”) (previously discussed here).[1] The settlement resulted in a total of $11,300,000 in payments from two consulting companies (Guidehouse, Inc., the prime contractor, which paid $7,600,000; and Nan Kay and Associates, the subcontractor, which paid $3,700,000) to resolve allegations the two companies violated the False Claims Act by failing to meet cybersecurity requirements in federally-funded contracts.Continue Reading Latest Cyber-Related FCA Settlement Underscores the Breadth of DOJ’s Civil Cyber-Fraud Focus
Voluntary Self-Disclosure of FCPA Violations Following Acquisition Avoids Corruption Charges
Last week, the Department of Justice (“DOJ”) announced it declined to prosecute Lifecore, a U.S. biomedical company, after Lifecore voluntarily disclosed that a company it acquired paid bribes to Mexican officials and falsified documents both before and after Lifecore’s acquisition.[1] Continue Reading Voluntary Self-Disclosure of FCPA Violations Following Acquisition Avoids Corruption Charges
Corporate Voluntary Self-Disclosure (VSD) of Criminal Activity: More of the Same or a Real Sea Change?
On February 22, 2023, the U.S. Department of Justice (DOJ) announced a new nation-wide policy to incentivize companies to self-report criminal activity. Among the cited benefits of self-reporting are discounts on fines and non-prosecution agreements. This new policy arrives on the heels of the “Monaco Memo,” issued in September 2022 by Deputy Attorney General Lisa Monaco, which directed each prosecutorial DOJ component to review its policies on corporate voluntary self-disclosures and update to reflect the guidance’s core principles. The policy also is in addition to guidance from Attorney General Merrick Garland, who in December 2022 emphasized prosecutorial leniency in criminal cases. Together, these memos show a shift from prior administrations, which emphasized prosecuting the “most serious, readily provable offense,” not leniency for self-disclosures. Notably, the new policy does not impact individual actors, who, since the 2015 Yates Memo, still are a DOJ priority. Indeed, the new policy emphasizes that crediting voluntary self-disclosure by companies will help DOJ “ensure individual accountability” for individual criminal conduct. We break down key elements of the DOJ’s policy below, including our quick thoughts on how this policy may impact corporate decisions going forward. Continue Reading Corporate Voluntary Self-Disclosure (VSD) of Criminal Activity: More of the Same or a Real Sea Change?
Court Filing Reveals that DOJ Is Investigating Fintech’s Administration of PPP Loans
A federal court filing by a fintech company revealed that it has been under investigation by the Department of Justice (“DOJ”) in relation to its Paycheck Protection Program (“PPP”) loan approval practices for over a year. This rare disclosure of a pre-indictment DOJ investigation warns that the government is refocusing enforcement efforts to the fintechs and financial institutions that administered PPP loans.Continue Reading Court Filing Reveals that DOJ Is Investigating Fintech’s Administration of PPP Loans
Well, That Didn’t Take Long – DOJ Announces its First Settlement of a Civil Cyber-Fraud Case
On March 8, 2022, just five months after the creation of the Department of Justice’s (“DOJ”) new Civil Cyber-Fraud Initiative (previously discussed here), the DOJ announced its first settlement of a cyber-related fraud case. Under the settlement agreement, Comprehensive Health Services LLC (“CHS”) will pay $930,000 to resolve whistleblower allegations that it violated the False Claims Act by (among other things) failing to properly store and handle confidential information. This likely is just the start for increased cyber-related enforcement actions.
Executives Beware: DOJ Antitrust Division is Taking a Hard Look at a Wide Spectrum of Potential Criminal Violations
On March 2, Deputy Assistant Attorney General Richard Powers laid out a significant and aggressive criminal enforcement agenda for the Antitrust Division of the Department of Justice. While speaking at the the ABA National Institute on White Collar Crime in San Francisco, CA, Powers began his remarks by noting that the Division’s Criminal Section currently had 18 indicted cases against 10 companies and 42 individuals, including 8 CEOs or Presidents. DAAG Powers also noted that the Section had 146 open grand jury investigations – more than at any time in the last thirty years and “expect[ed] to stay busy this year and beyond.”
Continue Reading Executives Beware: DOJ Antitrust Division is Taking a Hard Look at a Wide Spectrum of Potential Criminal Violations
DOJ Announces Civil Cyber-Fraud Initiative To Enforce Contractor Cybersecurity Compliance
On Wednesday, October 6, 2021, the Department of Justice (“DOJ”) announced a new Civil Cyber-Fraud Initiative to enforce cybersecurity standards and reporting requirements. The Initiative will use DOJ’s civil enforcement mechanisms, namely the False Claims Act, to pursue government contractors and federal grant recipients that “knowingly provid[e] deficient cybersecurity products or services, knowingly misrepresent[] their cybersecurity practices or protocols, or knowingly violat[e] obligations to monitor and report cybersecurity incidents and breaches.” DOJ will not limit enforcement to entities; individuals also can be held accountable for cybersecurity-related fraud. Under the False Claims Act, penalties for such violations could be substantial, including treble damages.
Continue Reading DOJ Announces Civil Cyber-Fraud Initiative To Enforce Contractor Cybersecurity Compliance