In an era where digital threats loom large, the Department of Justice (DOJ) has taken several steps to safeguard a strong national cybersecurity framework. In particular, on October 6, 2021, DOJ announced the Cyber-Fraud Initiative (the Initiative), which uses the False Claims Act (FCA) to combat cybersecurity fraud committed by government contractors and grant recipients. See, “Deputy Attorney General Lisa O. Monaco Announces New Civil Cyber-Fraud Initiative,” Office of Public Affairs Department of Justice (Oct. 2, 2021).
Over the past three years since Deputy Attorney General (DAG) Lisa Monaco announced the Initiative, DOJ has targeted a broad range of illegal conduct, including deficient cybersecurity standards, misrepresentation of cybersecurity practices and failure to timely report data security incidents. The number of cases and settlement amounts have also grown substantially to include seven publicly announced settlements that total more than $2.8 million dollars. In fact, in the last two months alone, DOJ announced three significant settlements totaling $1.4 million. See, “Consulting Companies to Pay $11.3M for Failing to Comply with Cybersecurity Requirements in Federally Funded Contract,” Office of Public Affairs Department of Justice (June 17, 2024); “Staffing Company to Pay $2.7M for Alleged Failure to Provide Adequate Cybersecurity for COVID-19 Contact Tracing Data,” Office of Public Affairs Department of Justice, (May 1, 2024).