by Ben Vernia | July 12th, 2022
On June 8, the Department of Justice announced that on the second day of trial, space contractor Aerojet Rocketdyne, Inc., had agreed to pay $9 million to settle allegations, originally brought by a whistleblower, that the company had falsely certified that it was complying with federal cybersecurity requirements. According to DOJ’s press release:
Aerojet Rocketdyne Inc., headquartered in El Segundo, California, has agreed to pay $9 million to resolve allegations that it violated the False Claims Act by misrepresenting its compliance with cybersecurity requirements in certain federal government contracts, the Justice Department announced today. Aerojet provides propulsion and power systems for launch vehicles, missiles and satellites and other space vehicles to the Department of Defense, NASA and other federal agencies.
The settlement resolves a lawsuit filed and litigated by former Aerojet employee Brian Markus against Aerojet under the qui tam or whistleblower provisions of the False Claims Act, which permit a private party (known as a relator) to file a lawsuit on behalf of the United States and receive a portion of any recovery. Mr. Markus and Aerojet reached a settlement of the case on the second day of trial. Mr. Markus will receive $2.61 million as his share of the False Claims Act recovery.
“Whistleblowers with inside information and technical expertise can provide crucial assistance in identifying knowing cybersecurity failures and misconduct,” said Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division.
“The qui tam action brought by Mr. Markus is an example of how whistleblowers can contribute to civil enforcement of cybersecurity requirements through the False Claims Act,” said U.S. Attorney Phillip A. Talbert for the Eastern District of California.
On Oct. 6, 2021, the Deputy Attorney General announced the Department’s Civil Cyber-Fraud Initiative, which aims to hold accountable entities or individuals that put U.S information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches. Information on how to report cyber fraud can be found here.
* * *
The whistleblower’s award amounts to a 29% relator’s share.
