by Ben Vernia | September 7th, 2023
On September 5, the Department of Justice announced a settlement with a Verizon subsidiary, which the government alleged had fallen short of cybersecurity standards required by federal contracts. According to DOJ’s press release:
Verizon Business Network Services LLC, of Ashburn, Virginia, has agreed to pay $4,091,317 to resolve False Claims Act allegations that it failed to completely satisfy certain cybersecurity controls in connection with an information technology service provided to federal agencies. In connection with the settlement, the United States acknowledged that Verizon took a number of significant steps entitling it to credit for cooperating with the government.
* * *
This settlement relates to Verizon’s Managed Trusted Internet Protocol Service (MTIPS), which is designed to provide federal agencies with secure connections to the public internet and other external networks. The settlement resolves allegations that Verizon’s MTIPS solution did not completely satisfy three required cybersecurity controls for Trusted Internet Connections with respect to General Services Administration (GSA) contracts from 2017 to 2021. After learning of the issues, Verizon provided the government with a written self-disclosure, initiated an independent investigation and compliance review of the issues and provided the government with multiple detailed supplemental written disclosures. Verizon cooperated with the government’s investigation of the issues and took prompt and substantial remedial measures.
* * *
The case apparently arose from a government investigation, rather than a whistleblower’s lawsuit.
