Listen to the article
DOJ Secures Over $50 Million in Cybersecurity False Claims Act Settlements
The Department of Justice has secured over $50 million in settlements related to cybersecurity violations under the False Claims Act (FCA) over the past nine months, signaling a clear enforcement priority for the Trump administration’s second term. These actions target organizations contracting with the federal government that fail to meet cybersecurity requirements or falsely certify compliance.
The administration’s cybersecurity focus was formalized on June 6, 2025, when President Trump signed Executive Order 14306, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144.” The order contains amendments and directives aimed at strengthening national cybersecurity defenses against foreign nations and criminals conducting cyber campaigns against the United States.
While the emphasis on cybersecurity represents a new priority, the administration has leveraged the long-established False Claims Act as its primary enforcement mechanism. This approach has already yielded significant results across various industries and violation types.
In February 2025, Health Net Federal Services LLC (HNFS) and its parent company Centene Corporation reached an $11 million settlement with the government. The case centered on allegations that HNFS falsely certified compliance with cybersecurity requirements in its Department of Defense contracts between 2015 and 2018. Notably, Centene acquired HNFS in 2016 but still faced liability for the subsidiary’s actions.
Another significant settlement came in July 2025 when aerospace contractor Aero Turbine Inc. and private equity firm Gallant Capital Partners LLC agreed to pay $1.75 million to resolve allegations that Aero Turbine failed to comply with cybersecurity requirements in its Air Force contracts. The government also alleged improper control over information access by unauthorized foreign personnel. Both companies received credit for voluntary disclosure and cooperation under Justice Manual guidelines.
That same month, biotech company Illumina, Inc. reached a $9.8 million settlement over allegations it sold the government a defunct and vulnerable cybersecurity genomic sequencing system.
In September 2025, the Georgia Tech Research Corporation, a nonprofit government contractor, settled FCA allegations for $875,000 after allegedly failing to meet cybersecurity requirements in its federal agency contracts.
Assistant Attorney General Brett A. Shumate of DOJ’s Civil Division emphasized the department’s commitment to this enforcement approach, stating, “Together with DoD and other agency partners, the Department of Justice will continue to pursue and litigate violations of cybersecurity requirements to hold contractors accountable when they violate their cybersecurity commitments.”
Several critical patterns have emerged from these settlements. First, actual cybersecurity breaches are not necessary to trigger FCA liability—the failure to meet contractual cybersecurity obligations is sufficient. Second, companies acquiring government contractors may inherit FCA liability for the acquired entity’s past conduct.
Additionally, these enforcement actions cross industry boundaries. While defense contractors remain a significant focus, any company contracting with the federal government faces potential scrutiny. The cases also highlight how private equity firms can face FCA risk for the actions of their portfolio companies.
Legal experts recommend that companies facing cybersecurity incidents or suspected breaches engage experienced counsel immediately to conduct proper investigations. Companies should also consider the potential benefits of self-disclosure under DOJ policies, which can result in reduced penalties as demonstrated in the Aero Turbine and Gallant Capital Partners settlement.
As cybersecurity threats continue to evolve and government contractors handle increasingly sensitive information, this enforcement trend is expected to accelerate. Companies doing business with the federal government should ensure robust compliance programs and accurate certifications of their cybersecurity measures or risk becoming the next target of this enforcement priority.
Verify This Yourself
Use these professional tools to fact-check and investigate claims independently
Reverse Image Search
Check if this image has been used elsewhere or in different contexts
Ask Our AI About This Claim
Get instant answers with web-powered AI analysis
Related Fact-Checks
See what other fact-checkers have said about similar claims
Want More Verification Tools?
Access our full suite of professional disinformation monitoring and investigation tools
19 Comments
As the mining and energy sectors continue to digitize, the need for robust cybersecurity practices becomes even more pressing. These settlements demonstrate the DOJ’s commitment to holding companies accountable.
It’s encouraging to see the administration taking proactive steps to address cybersecurity vulnerabilities, particularly in the mining and energy sectors. Maintaining strong defenses is essential for national security.
Absolutely. Securing critical infrastructure against cyber threats should be a top priority for both government and industry. These settlements show the DOJ is serious about holding companies accountable.
Cybersecurity is an increasingly critical issue, especially for industries handling sensitive data or critical infrastructure. These settlements demonstrate the DOJ’s commitment to robust enforcement.
It’s encouraging to see the DOJ taking a proactive stance on cybersecurity enforcement. These settlements should serve as a wake-up call for any company that may be complacent about their security measures, especially those working with the government.
Absolutely. Cybersecurity is no longer a nice-to-have, but a necessity for any organization handling sensitive data or critical infrastructure. These enforcement actions will hopefully drive broader industry improvements.
This enforcement priority aligns with the growing threat of nation-state and criminal cyber attacks. Proactive measures to strengthen defenses are crucial for industries handling sensitive data or critical infrastructure.
Absolutely. Complacency is not an option when it comes to cybersecurity, especially for government contractors. These settlements should serve as a wake-up call for any organization that may be falling short.
This is an important step in holding companies accountable for cybersecurity failures, especially those doing business with the government. Rigorous compliance with security standards is critical to protect sensitive data and infrastructure.
Agreed. The False Claims Act is a powerful tool to incentivize strong cybersecurity practices and deter fraud. Kudos to the DOJ for taking this issue seriously.
Curious to see if this will have a broader impact on the mining and energy sectors, where cybersecurity risks can be particularly high. Companies in these industries should take note and ensure robust compliance.
Good point. Securing critical infrastructure like power grids and mining operations is essential. These settlements send a clear message about the consequences of lax cybersecurity.
It’s encouraging to see the administration taking a strong stance on this issue. Cybersecurity breaches can have devastating impacts, so the DOJ’s focus on enforcement is well warranted.
While the dollar amounts are significant, the real value may lie in the deterrent effect these settlements have on other organizations. Hopefully, this sends a strong message about the consequences of non-compliance.
Good point. The reputational damage and legal penalties from these cases can be just as impactful as the financial settlements. Companies should take note and prioritize cybersecurity accordingly.
Cybersecurity should be a fundamental consideration for any company doing business with the government. These settlements demonstrate the DOJ’s commitment to ensuring contractors meet their obligations in this area.
Agreed. Maintaining robust cybersecurity practices is not optional for government contractors. The DOJ is clearly sending a strong message with these enforcement actions.
While the financial penalties are significant, the real impact may be the increased scrutiny and compliance demands these settlements place on government contractors. Companies should take note and shore up their cybersecurity measures.
The mining and energy sectors are particularly vulnerable to cyber threats given the critical nature of their operations. These settlements highlight the need for heightened vigilance and investment in cybersecurity across these industries.