Pennsylvania State University is paying the US $1.25 million to settle a legal dispute over claims that it misrepresented its cybersecurity practices and failed to adequately secure data tied to 15 government contracts, after a whistleblower at the university flagged the issue to the government, according to a release from the Justice Department on Tuesday.
“Federal contractors who store or access covered defense information must take required steps to protect that sensitive information from bad actors,” said US Attorney Jacqueline Romero in a statement. “When they fail to meet their cybersecurity obligations, we and our law enforcement partners will use every available tool to remedy the situation.”
The Justice Department says that Penn State failed to meet cybersecurity standards for its contracts with the US Department of Defense and NASA between 2018 and 2023 because the university did not choose an adequately secure cloud provider and allegedly misrepresented when it would ramp up its cybersecurity measures. Ultimately, it failed to meet US cybersecurity standards for federal contracts, and such behaviors put US data at risk. PCMag has reached out to Penn State for comment.
Former Penn State employee Matthew Decker blew the whistle on the university’s behavior through the False Claims Act, which lets whistleblowers file suits on behalf of the government when an entity in question has submitted false claims to the government. Decker previously worked as the school’s chief information…