Georgia Tech’s research arm will pay the federal government $875,000 to settle a lawsuit alleging it flouted cybersecurity rules while doing contract work for the U.S. Department of Defense.
As part of the settlement, the public school located in Midtown Atlanta did not admit liability.
“From the outset, Georgia Tech denied the government’s allegations that mischaracterized our commitment to cybersecurity,” the school wrote in a statement. “We worked hard to educate the government about the strong compliance efforts of our researchers and are pleased to avoid the distraction of litigation by resolving this matter without any admission of liability.”
Announced by the Justice Department on Tuesday, the settlement ends a lawsuit that began in 2022, when two whistleblowers alleged their employer was not following cybersecurity rules.
Christopher Craig and Kyle Koza, a current and former member of Tech’s cybersecurity team, claimed that the Georgia Tech Research Corp. repeatedly failed to meet security standards that certain researchers found “burdensome.” They alleged that researchers who brought in lucrative federal contracts were akin to “star quarterbacks” who used their “power on campus” to skirt rules they found onerous.
The federal government joined their lawsuit last year, saying at the time that cybersecurity compliance is critical for safeguarding U.S. information.
Georgia Tech has consistently maintained that it followed regulations, saying last year that it was “extremely disappointed by the Department of Justice’s filing, which misrepresents Georgia Tech’s culture of innovation and integrity.” It added that there was no data leaked and no breach of information.
“This case has nothing to do with confidential information or protected government secrets. The government told Georgia Tech that it was conducting research that did not require cybersecurity restrictions, and the government itself publicized Georgia Tech’s groundbreaking research findings,” the school said at the time.
In Tuesday’s press release, Assistant Attorney General Brett A. Shumate of the Justice Department’s Civil Division said that contractors failing to follow cybersecurity laws can make sensitive information vulnerable to malicious actors.
“Together with DoD and other agency partners, the Department of Justice will continue to pursue and litigate violations of cybersecurity requirements to hold contractors accountable when they violate their cybersecurity commitments,” Shumate said.
After receiving payment from the Georgia Tech Research Corp., the government will send roughly $200,000 to Craig and Koza, the whistleblowers who brought the suit.
About the Author
Keep Reading
The Latest
Featured
