DOJ to Hit Government Contractors with ‘Very Hefty Fines’ If They Fail to Disclose Data Breaches

Deputy Attorney General Lisa Monaco stands during a news conference at the Department of Justice, Thursday, Sept. 30, 2021, in Washington. Alex Brandon/AP

Deputy Attorney General Lisa Monaco promised to use an existing law to go after contractors that don't follow required cybersecurity standards.

The Department of Justice today launched a “civil cyber fraud initiative” that will punish government contractors and other firms that receive federal funding with severe fines if they fail to disclose data breaches.

“For too long, companies have chosen silence under the mistaken belief that it’s less risky to hide a breach than to bring it forward and report it,” Deputy Attorney General Lisa Monaco said during the Aspen Institute Cyber Summit. “Well, that changes today.”

Monaco said the Justice Department will for the first time use civil enforcement tools to go after government contractors that fail to follow required cybersecurity standards. “We know that puts all of us at risk,” she said. The department will use existing authorities under the False Claims Act. 

“Where those who are entrusted with government dollars or work on sensitive government systems fail to follow required cybersecurity standards, we’re going to go after that behavior and extract very hefty fines,” Monaco said.  

She added that the department would protect whistleblowers who bring any violations and failures forward. 

Monaco’s remarks follow numerous high-profile breaches of federal networks and U.S. critical infrastructure, and come as Congress considers multiple cybersecurity-related bills that could regulate the way companies report cyber incidents to the government.