Legal.io
Sep 05, 2023

Cyber-Related False Claims Act Cases on the Rise

A notable case involves Penn State University, which is accused of non-compliance with DoD cybersecurity obligations and falsely attesting to DFARS compliance since 2018.

Cyber-Related False Claims Act Cases on the Rise

In recent weeks, there has been a significant increase in cyber-related False Claims Act (FCA) activity. This surge in activity signals that contractors and universities should brace for additional scrutiny and potential whistleblower claims in this area.

One notable example is a qui tam lawsuit against Penn State University, which was unsealed on September 1, 2023. The lawsuit alleges non-compliance with Department of Defense (DoD) cybersecurity obligations. Specifically, it is claimed that Penn State University failed to provide “adequate security” for Covered Defense Information (CDI), as contractually required by the DFARS 252.204-7012 clause.

Under this clause, “adequate security” is defined as implementing all 110 controls outlined in NIST SP 800-171. Federal regulations require DoD contractors to conduct a self-assessment of compliance with these controls and report a compliance score in DoD’s Supplier Performance Risk System (SPRS).

The lawsuit alleges that Penn State falsified at least 20 documents related to its NIST SP 800-171 self-assessment and other self-attestations. Despite never reaching DFARS compliance, the university had been falsely attesting to compliance since January 1, 2018.

Furthermore, the lawsuit alleges sensitive information was put at risk when the university migrated some of its data to a commercial cloud-storage service. The relator in the case served as the interim Chief Information Officer at Penn State’s Applied Research Laboratory in 2015 and was a part of a team assigned to evaluate Penn State University’s compliance in early 2022.

Implications

These cases suggest that the number of enforcement actions and publicity associated with previously-sealed qui tam cases will continue to increase. They also signal that contractors and universities should brace for additional scrutiny in this area.

In light of these developments, it is crucial for organizations to examine their cybersecurity practices and ensure they are in compliance with all relevant regulations. This includes conducting regular self-assessments of compliance with controls such as those outlined in NIST SP 800-171.

Moreover, organizations must be transparent about their cybersecurity practices. Falsifying documents or attesting to compliance without actually meeting the necessary standards can lead to serious consequences, as seen in the Penn State case. Failure to comply with these standards can result in significant legal and financial consequences.

TechnologyLitigation

Customer Stories

See how leading enterprise in-house teams have scaled smarter with Legal.io's high-caliber flex talent.

Plaid
How Plaid used Legal.io for Flexible, Cost Effective Legal Talent

FINANCE / ENTERPRISE

Medallia
How Medallia Managed Legal Overflow and Accelerated Deals with Legal.io

SAAS / ENTERPRISE

Verily
How Verily Addressed High-Volume Commercial Counsel Needs with Legal.io

HEALTHCARE / ENTERPRISE

Zoom
How Zoom Streamlined Legal Operations with Flexible Staffing

TECHNOLOGY / ENTERPRISE

More from Legal.io

Legal Insights
BigLaw Billing Rates Surge Past $3,400 an Hour as Partner Fees Hit New Records

Partner billing rates at the 50 largest US law firms rose 16% last year, with some partners now commanding $4,000+ per hour. The data is forcing corporate legal departments to rethink outside counsel strategy.

Feb 27, 2026
Read More
Legal Market Data: Job Opportunities in Times of Pandemic
Legal Market Data: Job Opportunities in Times of Pandemic

A look into the legal job market, and how COVID-19 has affected job prospects for individuals seeking work, based on data from The US Bureau of labor statistics, Indeed, LinkedIn, and the Legal.io Community.

CareerLabor and Employment
May 08, 2020
Read More
Legal Insights
Big Law Firms Invest in Legal Tech to Stay Competitive

Big Law firms are increasingly putting their financial might into legal technology development, anxious to tailor new software to the specific needs of lawyers at their firms.

Feb 12, 2025
Read More
Legal Insights
Anthropic's Claude Legal Plugin: One Month On, the Market Fallout and What It Means for Legal Teams

Anthropic's Claude legal plugin sent legal tech stocks into freefall in February 2026. A month later, legal AI leaders assess the real implications for law firms and in-house teams.

Mar 06, 2026
Read More
Grindr Appoints Former Obama Lawyer Zachary Katz as General Counsel and Head of Global Affairs
Grindr Appoints Former Obama Lawyer Zachary Katz as General Counsel and Head of Global Affairs

Zachary Katz joins the Grindr legal team as General Counsel and Head of Global Affairs

General CounselIn-House Counsel
Sep 24, 2023
Read More
Ready to hire?

Schedule a free consultation to discuss your hiring needs.

Schedule Call
Free 15-min consultation
Legal.io Platform
5 star reviews
Hiring made smarter

Easy-to-use platform for hiring legal talent, managing spend, and optimizing your panel — plus an average savings of 50%.

Need Immediate Help?

Submit a hiring request and let our experts handle the entire process for you.

Submit Hiring Request