DOJ Cyber Fraud Settlements Show the Expanding Reach of the False Claims Ac

by Anna D’Agostino and Cameron Smith

Recent False Claims Act (“FCA”) settlements demonstrate the effectiveness of the Department of Justice’s (“DOJ”) Civil Cyber-Fraud Initiative, holding accountable for misrepresenting cybersecurity controls. Georgia Tech Research Corporation’s $875,000 settlement is the latest in this growing trend. Miller Shah LLP represents whistleblowers in cybersecurity and government contracting fraud, helping ensure digital security failures do not put sensitive government data at risk.

What is the Civil Cyber-Fraud Initiative?

The DOJ launched the Civil Cyber-Fraud Initiative in October 2021 to pursue cybersecurity-related fraud under the FCA. This initiative combines the DOJ’s expertise in civil fraud enforcement, government procurements, and cybersecurity to combat the growing threats to essential cyber infrastructure and sensitive information.  Essentially, the DOJ’s goal is to ensure businesses provide the same commitment to cybersecurity to the government as they do to their commercial customers.

The initiative marks an emphasis by the DOJ on investigating and prosecuting government contractors and grant recipients that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches. The DOJ has investigated and litigated a wide range of government contractors under the FCA, especially those that deal with sensitive information.

Although the Civil Cyber-Fraud Initiative was started under the Biden administration, President Trump recently issued an executive order clarifying that protection of government data remains a top priority.

The Georgia Tech Research Corporation Settlement

On September 30, 2025, the DOJ announced that Georgia Tech Research Corporation (“GTRC”) agreed to an $875,000 settlement to resolve allegations that it failed to meet cybersecurity requirements in connection with certain Air Force and Defense Advanced Research Projects Agency (“DARPA”) contracts. The whistleblowers who brought the suit claimed that in December 2020, GRTC and Georgia Tech submitted a false summary level cybersecurity assessment score of 98 to the Department of Defense (“DoD”). However, Georgia Tech does not have a campus-wide system, meaning the score was based on a fictitious environment that did not apply to any actual contracting systems that processed, stored, and transmitted covered DoD information. According to the lawsuit, submission of a cybersecurity assessment has been a condition of DoD contracts since 2017.

Cybersecurity Whistleblower Cases Under the FCA

The False Claims Act imposes liability on entities or individuals that knowingly submit false or fraudulent claims for payment or reimbursement to the government. Government agencies put a substantial amount of trust in their contractors’ cyber infrastructure, and the risk of cybersecurity attacks or fraud is a significant concern. Government contractors that receive federal funds can be held liable for falsely claiming compliance on IT services and systems that house government data. Those who knowingly provide deficient cybersecurity products or services, misrepresent their cybersecurity practices, or violate contractual obligations to monitor and report cybersecurity risks may be subject to false claims liability.

High-Risk Industries for Cybersecurity Fraud

The DOJ has been adamant about pursuing deficiencies in cybersecurity that pose a threat to national security. Therefore, government contractors working with the DoD or the Department of Health and Human Services that handle sensitive information about defense and health data may be more at risk than other government contractors.

Because small contractors are held to the same standards as larger, more resourced government contractors, smaller businesses may be more at risk due to a lack of resources to comply with cybersecurity standards and protocols.

Rewards and Protections for Cyber Whistleblowers

Under the FCA, whistleblowers who come forward with information regarding cyber-fraud against government programs can receive monetary rewards. After a court enters judgment or a case has been settled, whistleblowers whose information played a role in exposing fraud can receive up to 30% of the settlement or judgment.

While whistleblowers are crucial to exposing bad actors and protecting tax-payer dollars, they often risk adverse action from employers when coming forward. The FCA prohibits employers from retaliating against employees who report misconduct, preventing employers from demoting, firing, harassing, or otherwise discriminating against whistleblowers for their actions.

Combating Cyber Fraud with Miller Shah

Miller Shah has extensive experience litigating cybersecurity fraud and other whistleblower matters. Our attorneys are well-versed in the intricacies surrounding cybersecurity laws, IT fraud, and whistleblower protection.

If you believe you have information about cyber fraud against a government program and are considering blowing the whistle, call us at 866-540-5505 or contact us online for a free and confidential initial consultation.