The Department of Justice has fined several consulting companies on federal contracts to the tune of $11.3m.
The charges were incurred because the consulting companies failed to provide a secure environment for New Yorkers seeking rental aid during the COVID-19 pandemic. This was part of the emergency rental assistance program (ERAP), approved by Congress and established in 2021.
Guidehouse Inc. and Nan McKay failed to comply with federal cybersecurity standards and the general terms set out in what is known as the False Claims Act (FACA).
The False Claims Act, a law dating back to 1863, was enacted to prevent federal contractor fraud. It stipulates that anyone who knowingly submits false claims to the government is liable for three times the government’s damages plus a penalty linked to inflation.
Federal contractors fined
In 2021, the Office of Temporary and Disability Assistance (OTDA) was responsible for overseeing the distribution of rental assistance to New Yorkers. Low-income families could apply for this relief and should have been able to do so via a secure system.
The OTDA contracted Guidehouse to provide the New York ERAP, with Nan McKay providing the secure application platform. This platform was the lifeline for many of the people in need, enabling them to submit their applications for rental assistance and relief.
The Department of Justice found both parties complicit in failing to test the solutions used for the application process.
Furthermore, the pre-production cybersecurity testing of these solutions clearly did not meet the standards set out by Congress. Guidehouse and Nan McKay admitted that their solution did not meet these standards.
A matter of hours into the launch of the ERAP platform on June 1, 2021, both parties realized that they had made a grave error. Sensitive data and compromised parts of the ERAP platform began to surface. These could have been avoided if both parties had carried out their contractually obliged pre-launch user and security testing. The platform was swiftly taken down to avoid further data security issues.
Guidehouse also admitted a breach of contract for using a third-party data cloud software program to store personally identifiable information without obtaining OTDA’s permission.
“These vendors failed to meet their data integrity obligations in a program on which so many eligible citizens depend for rental security, which jeopardized the effectiveness of a vital part of the government’s pandemic recovery effort,” said Acting Inspector General Richard K. Delmar of the Department of the Treasury.
Guidehouse has agreed to pay $7,600,000 and Nan McKay and Associates $3,700,000 to resolve allegations that they violated the False Claims Act by failing to meet cybersecurity requirements.