Search:

Recent Posts

Popular Topics

Contributors

Archives

White Collar + Fraud + Investigations + Compliance

Verizon Cooperates with DOJ related to Cybersecurity Allegations

On Monday, the DOJ announced a settlement with Verizon Business Network Services LLC (“Verizon”), where Verizon agreed to pay $4.1 M to settle allegations that it failed to completely satisfy certain cybersecurity controls in connection with an information technology service provided to federal agencies. The settlement resolves allegations that Verizon’s Managed Trusted Internet Protocol Service (“MTIPS”), which was designed to provide federal agencies with secure connections to the public internet and other networks, did not completely satisfy three required cybersecurity controls related to its General Services Administration (“GSA”) contracts from 2017 through 2021.

When faced with the question of whether to self-disclose, companies often question the benefit of such a disclosure. There are a few important takeaways here.

First, this resolution is a great example of what a [seemingly] successful self-disclosure looks like. Based on the settlement and the press release, it appears that Verizon identified issues related to compliance with certain cybersecurity controls; provided the Government with a written self-disclosure; initiated an independent investigation and compliance review of the issues; and, provided the Government with detailed subsequent written disclosures. Apparently, Verizon also identified individuals involved in or responsible for the issues, assisted in the damages analysis, and remediated the identified issues, among other things. Verizon is demonstrating here what true cooperation looks like and how such cooperation can result in better results for the company. And, as a result of this level of cooperation, Verizon paid a 1.5 multiplier—substantially less than its potential exposure under the False Claims Act, which can be 3x the loss to the Government plus penalties.

Second, clients often ask about what makes a case criminal versus civil. By self-disclosing in a timely manner where the misconduct is clear, and cooperating with an investigation, the company can often avoid criminal liability. Once company management is made aware of misconduct, by continuing to engage in the conduct and failing to disclose such conduct (similar to the allegations set forth in the Booz Allen qui tam complaint), management exposes the company to civil and, possibly, criminal liability. In contrast, when companies voluntarily disclose such conduct, they can elect the venue of that disclosure, like whether to the approach the contracting agency directly or DOJ’s Civil Division. Likewise, by disclosing conduct, a company may avoid severe administrative remedies like suspension or exclusion.

Third, though we don’t know when Verizon submitted this self-disclosure, it appears that this process took less than 2 years given that the conduct ended in 2021—substantially shorter than most investigations initiated by qui tam complaints. This translates to lower (gasp) legal and expert costs for the company and, generally, lower reputational costs to the company and, ultimately, shareholders.

Finally, this resolution further demonstrates the Department’s commitment to the Cyber-Fraud Initiative that the Government launched in 2021. Meeting cybersecurity controls and requirements continues to be an area of the focus for the Government—companies should make sure they are staying abreast of their obligations of under their respective agreements to avoid pitfalls and disclose issues as necessary.

A link to the press release is provided here.

  • Denise M. Barnes
    Partner

    Denise Barnes is a former U.S. Department of Justice (“DOJ”) Trial Attorney who focuses her practice on compliance, white collar and regulatory investigations, and complex commercial litigation.  She represents clients in ...

    |
Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.