On May 8, 2019, a judge in the U.S. District Court for the Eastern District of California held in United States ex rel. Markus v. Aerojet Rocketdyne Holdings, Inc., et. al, that a contractor’s failure to comply with a government contract’s cybersecurity requirements could be deemed “material” and thus impose liability under the False Claims Act (FCA).
The case began in October 2015, when relator Brian Markus alleged that Aerojet Rocketdyne entered into contracts with the federal government despite knowing that it was in non-compliance with multiple cybersecurity standards.