We represent victims of reverse discrimination and anti-DEI whistleblowers

Cybersecurity Violations Trigger $4.6 Million Penalty for Defense Contractor

posted: May 29, 2025
Steve Kardell
Fraud
fraud, false claims, cybersecurity violations

Defense contracts are big business. Many companies depend on the funds from these agreements that enable our armed forces to meet their needs. However, these deals impose critical responsibilities on contractors. Perhaps, most importantly, companies that do business with branches of our armed forces must observe strict rules relating to cybersecurity, and attest that they have done so.

Despite clear requirements in this area, some businesses violate these provisions, potentially putting our military at risk. Recently, the Department of Justice announced a major settlement in a case involving false cybersecurity representations by a defense contractor.

MORSE, a Massachusetts company, is paying $4.6 million to resolve allegations that it violated the False Claims Act in contracts with the Departments of the Army and Air Force between January 2018 and September 2022. According to the settlement, MORSE knew that it had not complied with the cybersecurity requirements outlined in the agreements, but acted as if it had. One example is that MORSE used a third-party company to host its emails but failed to ensure that the third party met the Federal Risk and Authorization Management Program (FedRAMP) Moderate baseline security requirements.

Under the system used by the Defense Department, security controls are measured on as scale that runs from -203 to 110. In its self-reporting, MORSE claimed that its score was 104. However, when a third-party cybersecurity consultant had conducted a review of the company, they assigned a score of -142. Some of the specific problems related to the reporting and damage assessment associated with cyber incidents. Other areas of concern involved malicious software handling, media preservation and access to information and equipment necessary for forensic analysis.

For businesses engaged in federal contracting, it is essential to understand and adhere to all cybersecurity requirements outlined in their agreements. Employees who learn about misrepresentations to the government might qualify as whistleblowers, potentially making them eligible to receive a portion of any recovery collected from the company committing fraud.

Kardell Law Group represents whistleblowers in all types of cases involving violations of the False Claims Act. When you work with us, we’ll give you an honest assessment of your case and will advocate for appropriate payment if you are eligible.

Contact The Firm

Our Location

--mi

Whistleblower Law For Managers

Address

4514 Cole Ave., Suite 600
Dallas, TX 75205

Get Directions

Call Kardell Law Group

214-306-8045

Whistleblower Law For Managers is located in Dallas, TX and serves clients in and around Dallas, Irving, Mesquite, Richardson, Garland, Sunnyvale, Lancaster, Desoto, Hutchins, Sachse, Rowlett, Wilmer, Wylie, Euless, Arlington, The Colony, Grapevine, Seagoville, Collin County, Dallas County, Denton County, Ellis County, Kaufman County, Rockwall County and Tarrant County.

Attorney Advertising. This website is designed for general information only. The information presented at this site should not be construed to be formal legal advice nor the formation of a lawyer/client relationship. [ Site Map ]

See our profiles at Lawyers.com and Martindale.com

Martindale-Hubbell and martindale.com are registered trademarks; AV, BV, AV Preeminent and BV Distinguished are registered certification marks; Lawyers.com and the Martindale-Hubbell Peer Review Rated Icon are service marks; and Martindale-Hubbell Peer Review Ratings are trademarks of MH Sub I, LLC, used under license. Other products and services may be trademarks or registered trademarks of their respective companies. Copyright © 2026 MH Sub I, LLC. All rights reserved.