Matthew Decker is the former chief information officer for Penn State University’s Applied Research Laboratory. As of October, he’s also $250,000 richer.
In his Penn State position, Decker was well placed to see that the university was not implementing all of the cybersecurity controls that were required by its various contracts with NASA and the Department of Defense (DoD). It did not, for instance, use an external cloud services provider that met the DoD’s security guidelines, and it fudged some of the self-submitted “scores” it made to the government about Penn State’s IT security.
So Decker sued the school under the False Claims Act, which lets private individuals bring cases against organizations on behalf of the government if they come across evidence of wrongdoing related to government contracts. In many of these cases, the government later “intervenes” to assist with the case (as it did here), but whether it does so or not, whistleblowers stand to collect a percentage of any fines if they win.
In October, Penn State agreed to a $1.25 million settlement with the government; Decker got $250,000 of the money.
On the regular
This now happens in IT with some regularity. In November, Dell, Dell Federal Systems, and Iron Bow Technologies settled with the government for $4.3 million over claims that they “violated the False Claims Act by submitting and causing the submission of non-competitive bids to the Army and thereby overcharging the Army under the Army Desktop and Mobile Computing 3 (ADMC-3) contract.”
But once again, this wasn’t something the government uncovered on its own; a whistleblower named Brent Lillard, who was an executive at another company in the industry, brought the initial complaint. For his work, Lillard just made $345,000.
In early December, Gen Digital (formerly Symantec) paid a much larger fee—$55.1 million—after losing a trial in 2022. Gen Digital/Symantec was found liable for charging the government higher prices than it charged to companies.
Once again, the issue was brought to light by a whistleblower, Lori Morsell, who oversaw the contract for Gen Digital/Symantec. Morsell’s award has not yet been determined by the court, but given the amount of the payout, it should be substantial.
False Claims Act goes digital
Due to the complexity of investigating—or even finding out about—technical failures and False Claims Act cases from the outside of an organization, the government has increasingly relied on whistleblowers to kick-start these sorts of IT cases.
