A former senior director of cybersecurity, compliance, and controls for a propulsion systems manufacturer and their former employer avoided a jury trial by reaching a settlement in a cyber fraud False Claims Act case. The Government declined to intervene in this case, but the whistleblower-relator continued to pursue the case. While the settlement is not final yet, the whistleblower is entitled to receive 25-30% of the settlement. This is the first cyber fraud case against a government contractor that settled right before the plaintiff’s jury trial.

The allegations hold that Aerojet Rocketdyne Holdings Inc. (Aerojet Rocketdyne) failed to comply with government cybersecurity requirements for protecting unclassified information as part of government contracts. The whistleblower alleges that Aerojet Rocketdyne lied about its cybersecurity policies in order to win more contracts and that the aerospace contractor experienced data breaches during 2014-2015. Failure to comply with cybersecurity requirements material to government contracts, and then submitting invoices to the government for payment under these contracts, constitutes false claims.

This case falls under the U.S. Department of Justice’s False Claims Act Civil Cyber Fraud Initiative launched in October. Under this initiative the DOJ will pursue government contractors for cybersecurity violations in contracts, including:

• knowingly providing deficient cybersecurity products or services

• knowingly misrepresenting their cybersecurity practices or protocols

• knowingly violating obligations to monitor and report cybersecurity incidents and breaches

Whistleblowers can help protect taxpayer funds and sensitive government data by blowing the whistle on contractors who knowingly fail to safeguard sensitive information.