- About CW
- Topics
- Events
- Research
- Awards
- CW Connect
- Membership
“For tracking litigation, enforcement, and regulatory developments, Compliance Week
should be your prime source.”- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
Government contractor fined $307K after third-party hack compromised personal data
By 
Aaron Nicodemus2024-10-16T15:34:00
It was a double whammy of cybersecurity no-nos for a federal contractor hit with a data breach: The personal data of Medicare beneficiaries contained in unencrypted screenshots were allegedly compromised when their third-party vendor’s server was hacked.
Virginia-based ASRC Federal Data Solutions (AFDS) agreed to pay nearly $307,000 to the Department of Justice to settle a False Claims Act (FCA) violation related to the breach, the DOJ said in a press release Wednesday. The company also agreed to waive more than $877,000 in costs it incurred notifying beneficiaries and providing credit monitoring.
The DOJ alleged that the storing of screenshots on the third-party vendor’s server violated cybersecurity requirements of the company’s contract with the Centers for Medicare and Medicaid Services (CMS), and that AFDS “knowingly billed CMS in violation of these requirements.”
Related articles
-
News BriefDOJ fines MORSE Corp $4.6M for lax cyber controls amid crack down on federal contractors
Yet another government contractor has been slapped with a fine by the Department of Justice for applying lax cybersecurity defenses on sensitive government data.
-
News BriefDOJ orders Lockheed Martin to pay $30M over defective pricing on F-35 contracts
The Department of Justice announced it reached a settlement with Lockheed Martin stemming from allegations of “defective pricing on contracts for F-35 military aircraft.” The deal comes days after Attorney General Pam Bondi was confirmed by the Senate, which will shift the DOJ’s focus away from white-collar misconduct.
-
News BriefAmerican Water Works discloses probe into cybersecurity breach
American Water Works Company, which supplies drinking water and wastewater to 14 million customers, disclosed a breach of its computer networks and system due to a cybersecurity incident.
More from Regulatory Enforcement
-
News BriefSEC Chair Atkins signals end to ‘regulation by enforcement’ in line with Trump’s pro-crypto agenda
The Securities and Exchange Commission Chair Paul Atkins explained his agency’s shift on cryptocurrency regulation to a Senate committee as legislators bargain over President Donald Trump’s “One Big Beautiful Bill” and the GENIUS Act, which would have the federal government invest heavily in cryptocurrency.
-
ArticleU.K. reins in crypto firms to combat ‘scandal’ of freewheeling finfluencers
Up to 25,000 people a year in the U.K. are illegally promoting financial products or offering financial advice on social media, but none have yet appeared in court, according to the first Treasury Select Committee meeting on the subject of so-called “finfluencers.” Regulated financial services firms must comply with strict ...
-
Basic PageSEC drops Binance lawsuit as Trump admin continues reshaping crypto enforcement
The Securities and Exchange Commission dropped its case against cryptocurrency exchange Binance, just the latest in a string of dismissals that highlight the SEC’s change of course under the crypto-friendly Trump administration.