Penn State Agrees to $1.25 Million Settlement Over Cybersecurity Breaches in Defense and NASA Contracts

PHILADELPHIA, PA — The Pennsylvania State University (Penn State) has agreed to a $1.25 million settlement to resolve allegations related to violations of the False Claims Act, as announced by United States Attorney Jacqueline C. Romero. These allegations pertain to Penn State’s failure to adhere to cybersecurity requirements in 15 contracts or subcontracts associated with the Department of Defense (DoD) and the National Aeronautics and Space Administration (NASA).

The settlement addresses claims that between 2018 and 2023, Penn State did not implement required cybersecurity controls and falsely reported compliance dates for these controls in summary scores submitted to the DoD. Furthermore, it was alleged that the university used an external cloud service provider that did not meet the DoD’s security standards for handling covered defense information.

U.S. Attorney Romero emphasized the critical nature of cybersecurity, stating, “Federal contractors who store or access covered defense information must take required steps to protect that sensitive information from bad actors.” She affirmed the commitment of her office and law enforcement partners to rectify non-compliance.

Special Agent Greg Gross of the Naval Criminal Investigative Service underscored the significance of cybersecurity in safeguarding research and acquisition information, particularly as cyber threats grow more sophisticated. He stated, “NCIS, along with our federal partners, are committed to investigating entities who fail to implement contractual requirements designed to protect Department of the Navy critical information.”

Patrick J. Hegarty, Special Agent in Charge of the Defense Criminal Investigative Service’s Northeast Field Office, highlighted the risks posed by failing to meet DoD contract specifications and cybersecurity standards. He reiterated the ongoing collaborative efforts with law enforcement and the Department of Justice to address such violations.

NASA’s Assistant Inspector General for Investigations, Robert Steinau, noted the impact of Penn State’s actions on the integrity of government cybersecurity efforts. He stated, “The University’s inability to adequately address known deficiencies not only put sensitive information at risk but also undermined the integrity of our government’s cybersecurity efforts.”

The settlement stems from a lawsuit filed under the whistleblower provisions of the False Claims Act. Matthew Decker, former Chief Information Officer for Penn State’s Applied Research Laboratory and the whistleblower in this case, is set to receive $250,000 from the settlement amount.

This resolution was achieved through the concerted efforts of various federal agencies, including the Justice Department’s Civil Division, the Naval Criminal Investigative Service, NASA’s Office of Inspector General, and the Department of Defense Office of Inspector General. The matter was managed by Assistant U.S. Attorneys Rebecca S. Melley and Peter Carr, with support from Auditor Dawn Wiggins.

The settlement resolves the allegations only; there has been no determination of liability.
