U.S. Department of Justice
Office of Public Affairs
September 5, 2023
Verizon Business Network Services LLC, of Ashburn, Virginia, has agreed to pay $4,091,317 to resolve False Claims Act allegations that it failed to completely satisfy certain cybersecurity controls in connection with an information technology service provided to federal agencies. In connection with the settlement, the United States acknowledged that Verizon took a number of significant steps entitling it to credit for cooperating with the government.
“When government contractors fail to follow required cybersecurity standards, they may jeopardize the security of sensitive government information and information systems,” said Deputy Assistant Attorney General Michael Granston of the Civil Division’s Commercial Litigation Branch. “We will continue to pursue knowing cybersecurity related violations under the Department’s Civil Cyber-Fraud Initiative and to provide credit in settlements to government contractors that disclose misconduct, cooperate with pending investigations and take remedial measures, all of which are critically important to protecting the nation against cyber threats.”
This settlement relates to Verizon’s Managed Trusted Internet Protocol Service (MTIPS), which is designed to provide federal agencies with secure connections to the public internet and other external networks. The settlement resolves allegations that Verizon’s MTIPS solution did not completely satisfy three required cybersecurity controls for Trusted Internet Connections with respect to General Services Administration (GSA) contracts from 2017 to 2021. After learning of the issues, Verizon provided the government with a written self-disclosure, initiated an independent investigation and compliance review of the issues and provided the government with multiple detailed supplemental written disclosures. Verizon cooperated with the government’s investigation of the issues and took prompt and substantial remedial measures.
“The United States should get the cybersecurity controls that it contracts and pays for to safeguard against cyber threats that could compromise critical information and systems,” said Acting Inspector General Robert C. Erickson of the GSA. “I appreciate the efforts of the investigative team that worked on this case.”
On Oct. 6, 2021, the Deputy Attorney General announced the department’s Civil Cyber-Fraud Initiative to hold accountable entities or individuals that put U.S information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols or knowingly violating obligations to monitor and report cybersecurity incidents and breaches. Information on how to report cyber fraud can be found here.
The resolution obtained in this matter was the result of a coordinated effort between the Justice Department’s Civil Division, Commercial Litigation Branch, Fraud Section and the GSA’s Office of Inspector General. The matter was handled by Fraud Section Senior Trial Counsel Christopher Terranova.
The claims resolved by the settlement are allegations only, and there has been no determination of liability.
Updated September 5, 2023
Source: U.S. Department of Justice press release