Guidehouse and Nan McKay & Associates (NM) will collectively pay $11.3 million to the Department of Justice (DOJ) to settle allegations that their cybersecurity failures led to the theft of client personal information during the COVID-19 pandemic. The DOJ announced this settlement in a press release on Monday.
Guidehouse has agreed to pay approximately $7.6 million, while NM will pay $3.7 million. These payments resolve claims brought under the qui tam provisions of the False Claims Act by Elevation 33, an entity owned by a former Guidehouse employee. This former employee is set to receive about $1.9 million of the settlement.
During the pandemic, the federal government provided rental assistance, with funds disbursed to states. New York contracted Guidehouse to administer its rental assistance program, and Guidehouse in turn subcontracted NM to provide an electronic platform for applicants to enroll in the program. However, in June 2021, personal and financial information submitted to this program was compromised within just 12 hours of its launch, according to the settlement agreement.
Guidehouse and NM admitted to failing to meet their obligations to keep data private, citing a lack of prelaunch testing and security flaws that could have been corrected. Furthermore, Guidehouse admitted it violated its contract with the state of New York by storing data in the cloud without permission.
“Contractors who receive federal funding must take their cybersecurity obligations seriously,” said Carla Freedman, U.S. Attorney for the Northern District of New York, in the press release. “We will continue to hold entities and individuals accountable when they knowingly fail to implement and follow cybersecurity requirements essential to protect sensitive information.”
Guidehouse did not immediately respond to a request for comment.
By fLEXI tEAM