The Pennsylvania State University (Penn State) has agreed to pay $1.25 million to resolve civil allegations under the False Claims Act, according to an announcement by the U.S. Department of Justice. The settlement addresses claims that Penn State failed to comply with required cybersecurity obligations in connection with federal contracts and subcontracts involving the Department of Defense (DoD) and the National Aeronautics and Space Administration (NASA).
The settlement resolves allegations only and does not constitute an admission of liability or a judicial determination of wrongdoing.
Allegations Involving Federal Cybersecurity Requirements
According to the DOJ, the government alleged that Penn State failed to fully implement mandatory cybersecurity standards required under federal contracting rules when handling covered defense information. These standards are designed to protect sensitive government data and ensure contractors meet minimum security requirements.
The government further alleged that Penn State misrepresented its cybersecurity compliance status and failed to meet contractual obligations related to system security controls, including requirements governing external cloud service providers.
Settlement Terms
To resolve the civil allegations, Penn State agreed to pay $1.25 million to the United States. Federal officials emphasized that enforcement actions involving cybersecurity compliance are an increasing priority, particularly as government agencies rely more heavily on contractors and research institutions to safeguard sensitive information.
This case adds to a growing list of significant False Claims Act settlements involving cybersecurity compliance failures in federal contracting and research environments.
Whistleblower Lawsuit and Enforcement
The case arose from a qui tam whistleblower lawsuit filed under the False Claims Act by a former senior official. Whistleblower actions allow individuals with firsthand knowledge of misconduct involving federal funds to bring claims on behalf of the government.
Under the False Claims Act, whistleblowers may be eligible to receive a portion of the government’s recovery when their information leads to successful enforcement actions.
Why Cybersecurity Compliance Matters
Federal agencies depend on contractors and research institutions to maintain strong cybersecurity controls to protect national security information. Failure to comply with required safeguards can expose sensitive data and undermine public trust in federally funded programs.
This settlement underscores the importance of proactive compliance, accurate reporting, and internal oversight when participating in government contracts.
Contact The Whistleblower Advocates
If you have information about cybersecurity noncompliance, misrepresentations in government contracting, or other conduct that may violate the False Claims Act, The Whistleblower Advocates New Jersey Team offers free and confidential consultations. Our attorneys help individuals understand their rights and guide them through the whistleblower process while protecting their legal interests.
This article is a news article for informational purposes only. The Whistleblower Advocates did not represent the parties identified in the story above.
