The DOJ Goes Phishing: The Rise of False Claims Act Cybersecurity Litigation
This past October, Deputy Attorney General Lisa Monaco announced the launch of the Department of Justice’s (DOJ) Civil Cyber-Fraud Initiative targeting entities and individuals that fail to follow government cybersecurity standards. Under the initiative, to be led by the Fraud Section of the Civil Division’s Commercial Litigation Branch, the DOJ announced that it would utilize its powerful enforcement tool — the False Claims Act (FCA) — to pursue cybersecurity-related fraud by government contractors and grant recipients. Shortly after the announcement, in remarks at the Cybersecurity and Infrastructure Security Agency (CISA) 4th Annual National Cybersecurity Summit on Oct. 13, 2021, DOJ Civil Division acting Assistant Attorney General Brian Boynton described three “prime candidates” for potential FCA enforcement under the initiative: 1) providing products or services that fail to comply with cybersecurity standards; 2) misrepresenting security controls and practices; and 3) failing to timely report suspected cybersecurity breaches.
Gloss