Verizon Business Network Services has agreed to pay $4.091 million to resolve allegations of violating the False Claims Act, following accusations that it failed to fully comply with required cybersecurity controls while providing information technology services to federal agencies.
The settlement, which concluded the legal proceedings, recognized that Verizon had cooperated with the government by taking significant measures to address the cybersecurity concerns raised during the investigation, according to a news statement.
Deputy Assistant Attorney General Michael Granston of the Civil Division’s Commercial Litigation Branch emphasized the importance of government contractors adhering to cybersecurity standards, highlighting that failure to do so could jeopardize the security of sensitive government information and information systems.
Michael Granston stated, “We will continue to pursue knowing cybersecurity-related violations under the Department’s Civil Cyber-Fraud Initiative and to provide credit in settlements to government contractors that disclose misconduct, cooperate with pending investigations and take remedial measures, all of which are critically important to protecting the nation against cyber threats.”
The settlement specifically pertains to Verizon’s Managed Trusted Internet Protocol Service (MTIPS), designed to provide secure connections to the public internet and external networks for federal agencies. The allegations involved Verizon’s failure to fully satisfy three required cybersecurity controls for Trusted Internet Connections in relation to General Services Administration (GSA) contracts spanning from 2017 to 2021.
Verizon responded to these concerns by initiating a written self-disclosure to the government, conducting an independent investigation, and offering multiple detailed supplemental written disclosures. They also cooperated fully with the government’s investigation and promptly implemented substantial remedial measures.
Acting Inspector General Robert C. Erickson of the GSA stressed the importance of the United States receiving the contracted and paid-for cybersecurity controls to safeguard critical information and systems.
This settlement is part of the Department of Justice’s Civil Cyber-Fraud Initiative, which aims to hold accountable those entities or individuals knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.
The resolution was achieved through collaborative efforts between the Justice Department’s Civil Division, Commercial Litigation Branch, Fraud Section, and the GSA’s Office of Inspector General. Senior Trial Counsel Christopher Terranova handled the matter for the Fraud Section.