Related Federal Cases
- Ivan Petrov, Internet Fraud, California 2022 · Washington
- Mylan Inc, Deceptively Fueling Opioid Crisis, New York NY, 2023 · Washington
- Kenneth Thom, Investment Adviser Fraud, New York NY, 2026 · New York
- Letitia James Secures $720M from Opioid Drug Companies, New York NY… · Washington
- Letitia James Convicts Google of Ad Monopoly Violation, New York, 2023 · Washington
Guidehouse Inc., $11.3M Cybersecurity Breach, New York 2021
ALBANY, NEW YORK – Guidehouse Inc., headquartered in McLean, Virginia, has paid $7,600,000, and Nan McKay and Associates (Nan McKay), headquartered in El Cajon, California, has paid $3,700,000, to resolve allegations that they violated the False Claims Act by failing to meet cybersecurity requirements in contracts intended to ensure a secure environment for low-income New Yorkers to apply online for federal rental assistance during the COVID-19 pandemic.
The announcement was made by United States Attorney Carla B. Freedman; Principal Deputy Assistant Attorney General Brian M. Boynton of the Department of Justice’s Civil Division; Acting Inspector General Richard K. Delmar of the Department of the Treasury’s Office of Inspector General (Treasury OIG); and New York State Comptroller Thomas P. DiNapoli.
In early 2021, Congress established the emergency rental assistance program (ERAP) to provide financial assistance to eligible low-income households to cover the costs of rent, rental arrears, utilities, and other housing-related expenses during the COVID-19 pandemic. Participating governments were required to establish programs to distribute the federal funding to eligible tenants and landlords. In New York, the Office of Temporary and Disability Assistance (OTDA) was the state agency responsible for administering New York’s ERAP. In May 2021, Guidehouse and OTDA entered a contract under which Guidehouse, as the prime contractor, assumed responsibility for the New York ERAP, including for the ERAP technology and services provided to New Yorkers. Nan McKay, in turn, served as Guidehouse’s subcontractor and was responsible for delivering and maintaining the ERAP technology product used in New York to fill out and submit online applications requesting rental assistance (ERAP Application).
Guidehouse and Nan McKay shared responsibility for ensuring that the ERAP Application underwent cybersecurity testing in its pre-production environment before it was launched to the public. As part of the settlements announced today, Guidehouse and Nan McKay admitted that neither satisfied their obligation to complete the required pre-production cybersecurity testing. The State’s ERAP went live on June 1, 2021. Twelve hours later, OTDA shut down the ERAP website after determining that certain applicants’ personally identifiable information (PII) had been compromised and portions were available on the internet. Guidehouse and Nan McKay acknowledged that had either of them conducted the contractually-required cybersecurity testing, the conditions that resulted in the Information Security Breach may have been detected and the incident prevented.
United States Attorney Carla B. Freedman stated: “Contractors who receive federal funding must take their cybersecurity obligations seriously. We will continue to hold entities and individuals accountable when they knowingly fail to implement and follow cybersecurity requirements essential to protect sensitive information.”
Principal Deputy Assistant Attorney General Brian M. Boynton stated: “Federal funding frequently comes with cybersecurity obligations, and contractors and grantees must honor these commitments. The Department of Justice will continue to pursue knowing violations of material cybersecurity requirements aimed at protecting sensitive personal information.”
Acting Inspector General Richard K. Delmar stated: “These vendors failed to meet their data integrity obligations in a program on which so many eligible citizens depend for rental security, which jeopardized the effectiveness of a vital part of the government’s pandemic recovery effort. Treasury OIG is grateful for DOJ’s support of its oversight work to accomplish this settlement.”
Key Facts
- State: New York
- Category: Cybercrime
- Source: DOJ Press Release â†â€â€
ðŸâ€Â’ Get the grimiest stories delivered weekly. Subscribe free →
MORE FEDERAL CRIME NEWS
CybercrimeCybercrimeCybercrimeCybercrime