Verizon tattles on itself, pays $4.1M False Claims Act settlement / Oscar Wong

The company self-reported cybersecurity issues when it discovered problems with its Managed Trusted Internet Protocol Service.

Verizon took the step of self-reporting security issues involving its Managed Trusted Internet Protocol Service to the General Security Administration's inspector general.

Now the carrier has settled a False Claims Act lawsuit for $4.1 million, the Justice Department said in a press release Tuesday that describes Verizon as a “cooperating federal contractor.” The settlement documents also use that description.

Restitution costs represent around $2.7 million of the overall amount. In essence, Verizon is paying back for services it didn’t provide to the government. MTIPS is designed to provide agencies with secure connections to the public internet and other external networks

Between 2017 and 2021, Verizon didn’t completely satisfy three required cybersecurity controls for Trusted Internet Connections: a Domain Name System security extension, full packet capture and certain encryption requirements.

Justice's release and the documents describe how Verizon discovered the issues and disclosed them to GSA. Verizon took several steps to mitigate and correct the issues.

Verizon analyzed the causes of the issues, implemented security controls and conducted a line-by-line review of its MTIPS system security plan. The company updated the security plan, internal documentation, procedures. It also created a compliance program to avoid a recurrence.

“Verizon received credit under the United States Department of Justice’s guidelines for taking disclosure, cooperation and remediation into account in False Claims Act cases,” according to the settlement document.

The settlement is part of Justice Department’s Civil Cyber-Fraud Initiative that is aimed at deficient cybersecurity products or services, misrepresentation of cyber practices and violating requirements to monitor and report breaches.