Cybersecurity Violations in Federal Government Contracts

Department of Justice

Office of Public Affairs

FOR IMMEDIATE RELEASE

Friday, July 8, 2022

Aerojet Rocketdyne Agrees to Pay $9 Million to Resolve False Claims Act

Allegations of Cybersecurity Violations in Federal Government Contracts

Aerojet Rocketdyne Inc., headquartered in El Segundo, California, has agreed to pay $9 million to resolve allegations that it violated the False Claims Act by misrepresenting its compliance with cybersecurity requirements in certain federal government contracts, the Justice Department announced today. Aerojet provides propulsion and power systems for launch vehicles, missiles and satellites and other space vehicles to the Department of Defense, NASA and other federal agencies.

The settlement resolves a lawsuit filed and litigated by former Aerojet employee Brian Markus against Aerojet under the qui tam or whistleblower provisions of the False Claims Act, which permit a private party (known as a relator) to file a lawsuit on behalf of the United States and receive a portion of any recovery. Mr. Markus and Aerojet reached a settlement of the case on the second day of trial. Mr. Markus will receive $2.61 million as his share of the False Claims Act recovery.

“Whistleblowers with inside information and technical expertise can provide crucial assistance in identifying knowing cybersecurity failures and misconduct,” said Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division.

“The qui tam action brought by Mr. Markus is an example of how whistleblowers can contribute to civil enforcement of cybersecurity requirements through the False Claims Act,” said U.S. Attorney Phillip A. Talbert for the Eastern District of California.

On Oct. 6, 2021, the Deputy Attorney General announced the Department’s Civil Cyber-Fraud Initiative, which aims to hold accountable entities or individuals that put U.S information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches. Information on how to report cyber fraud can be found here.

The qui tam case is captioned United States ex rel. Brian Markus v. Aerojet Rocketdyne Holdings Inc., et al., Case No. 2:15-cv-02245-WBS-AC (E.D.Cal.).

The claims resolved by the settlement are allegations only and there has been no determination of liability.

Topic(s): 

False Claims Act

Component(s): 

Civil Division

USAO – California, Eastern

Press Release Number: 

22-726

Updated July 8, 2022

SHARE THIS POST