Consulting firms settle $11.3M cybersecurity case

Consulting firms settle $11.3M cybersecurity case

Cybersecurity Case

Two consulting companies, Guidehouse Inc. and Nan McKay and Associates, have agreed to pay $11.3 million to resolve allegations of failing to meet cybersecurity requirements. The allegations stem from violations of the False Claims Act related to contracts intended to ensure a secure environment for low-income New Yorkers to apply online for federal rental assistance during the COVID-19 pandemic.

In early 2021, Congress established the Emergency Rental Assistance Program (ERAP) to assist eligible low-income households with rent and other housing-related expenses during the pandemic. The New York Office of Temporary and Disability Assistance (OTDA) administered the state’s ERAP. Guidehouse, as the prime contractor, and Nan McKay, as the subcontractor, were tasked with ensuring the cybersecurity of the ERAP technology.

However, both companies admitted failing to conduct the required pre-production cybersecurity testing. As a result, when the ERAP website went live on June 1, 2021, it was shut down just 12 hours later after a data breach compromised applicants’ personally identifiable information (PII).

Cybersecurity failures in ERAP contract

The companies acknowledged that proper cybersecurity testing could have prevented the breach. Principal Deputy Assistant Attorney General Brian M. Boynton emphasized the importance of cybersecurity obligations tied to federal funding, stating, “The Justice Department will continue to pursue knowing violations of material cybersecurity requirements aimed at protecting sensitive personal information.”

The investigation was prompted by a whistleblower lawsuit filed under the False Claims Act by Elevation 33 LLC, owned by a former Guidehouse employee.

The whistleblower will receive a $1,949,250 share of the settlement amount. Acting Inspector General Richard K. Delmar of the Department of the Treasury and New York State Comptroller Thomas P.

See also  Esa scientists 3D print space bricks

DiNapoli stressed the importance of safeguarding personal information and maintaining the integrity of vital government programs. The settlements underscore the government’s commitment to holding entities accountable for cybersecurity failures. Guidehouse Inc., headquartered in McLean, Virginia, will pay $7.6 million, while Nan McKay and Associates, based in El Cajon, California, will pay $3.7 million.


About Our Editorial Process

At DevX, we’re dedicated to tech entrepreneurship. Our team closely follows industry shifts, new products, AI breakthroughs, technology trends, and funding announcements. Articles undergo thorough editing to ensure accuracy and clarity, reflecting DevX’s style and supporting entrepreneurs in the tech sphere.

See our full editorial policy.

About Our Journalist