DOJ Cybersecurity Enforcement Pace Shows No Signs of Slowing Down Going Into 2026

An unprecedented cyber qui tam action involving Georgia Tech’s alleged failure to comply with certain cybersecurity controls underscores the importance of having advanced cyber requirements for federal contractors. Our Education, False Claims Act, and Privacy teams flesh out what businesses need to know.

On July 31, 2025, the United States Department of Justice (DOJ) announced a $9.8 million settlement with Illumina, Inc. (Illumina) to resolve alleged False Claims Act (FCA) violations related to cybersecurity vulnerabilities and shortcomings in its genomic sequencing products. Of the total settlement, $1.9 million will be paid to the qui tam whistleblower who brought […]

The post DOJ Settles Cyber Qui Tam Action Against Illumina for Allegedly Unsecured Genomic Sequencing Products appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.

On March 26, 2025, the United States Department of Justice (DOJ) announced that it had reached an agreement with MORSECORP Inc. (MORSE) to settle alleged violations of the False Claims Act (FCA), specifically regarding MORSE’s cybersecurity program.  The DOJ and MORSE—a government contractor that provides services to both the Departments of the Army and Air […]

The post DOJ Settles False Claims Act Case with MORSECORP Over Cybersecurity Program appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.

On October 11, 2024, the Department of Defense (“DoD”) issued its Final Program Rule for the Cybersecurity Maturity Model Certification (“CMMC”) Program. The Final Rule is a signal to federal contractors to develop compliance programs pertaining to CMMC in advance of the implementation of CMMC (likely next year). The CMMC program is designed to ensure […]

The post Summary of Changes from DoD CMMC Proposed Rule to Final Rule appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.

On Thursday, August 22, 2024, the United States Department of Justice (“DOJ”) filed a Complaint-In-Intervention in the case of United States of America ex rel. Christopher Craig and Kyle Koza, v. Georgia Tech Research Corp. and Board of Regents of the University System of Georgia (d/b/a the Georgia Institute of Technology) (United States v. Georgia […]

The post Department of Justice Intervenes in Cybersecurity Qui Tam Action Against Georgia Tech appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.