On March 26, 2025, the Department of Justice (DOJ) announced a qui tam False Claims Act (FCA) settlement of $4.6 million between defense contractor MORSECORP Inc. (MORSE) and the United States. In the settlement, MORSE, headquartered in Cambridge, Massachusetts, resolved whistleblower allegations that they failed to comply with cybersecurity contracts with the Army and Air Force.
The allegations centered around MORSE knowing it had not complied with cybersecurity requirements for the Army or Air Force and submitting false or fraudulent claims for payment on contracts. Within the settlement, from January 2018 to September 2023, MORSE “admitted, acknowledged and accepted responsibility for” using an unverified third-party company to host MORSE emails, failing to implement required cybersecurity controls, lacking a written plan for its information systems, and fraudulently reporting their security control score as higher than it was in reality.
The settlement stems from a qui tam lawsuit filed on January 19, 2023, by a whistleblower, or “relator” under the FCA, against MORSE on behalf of the federal government. Under the False Claims Act’s qui tam provisions, private parties may file lawsuits on behalf of the federal government and share in any financial recovery. The most common qui tam cases concern alleged healthcare and defense contracting fraud like this case. In successful suits, whistleblowers who file a qui tam action may receive between 15% and 30% of the total settlement amount, depending on several factors, including whether the government intervenes in the case and the value of the information provided. In this case, the relator was awarded 18.5% of the settlement amount, totaling $851,000.
Leah B. Foley, the U.S. Attorney for the District of Massachusetts, commented, “Federal contractors must fulfill their obligations to protect sensitive government information from cyber threats.” She also noted that the DOJ will “continue to hold contractors to their commitments to follow cybersecurity standards to ensure that federal agencies and taxpayers get what they paid for, and make sure that contractors who follow the rules are not at a competitive disadvantage.”
This settlement reflects the DOJ’s increased focus on cybersecurity violations of FCA over the last years. In 2021, they announced the Civil Cyber Fraud Initiative “to combat new and emerging cyber threats to the security” of sensitive American systems. The Initiative utilizes the FCA and its qui tam provision to address cybersecurity fraud by government contractors, such as the alleged fraud by MORSE. “The False Claims Act is the government’s primary civil tool to redress false claims for federal funds and property involving government programs and operations,” the announcement read. The target corporations for these actions are ones that knowingly provide inadequate cybersecurity services, misrepresent cybersecurity protocols, or fail to monitor and report breaches in cybersecurity.
The Initiative – also part of a comprehensive enhancement of the DOJ’s cybersecurity abilities – aims to ensure that companies follow cybersecurity requirements, taxpayer money can be lawfully repossessed, and overall cybersecurity practices are improved to protect “the government, private users and the American public.”
During FY2024, settlements and judgments under the FCA exceeded $2.9 billion. Over $2.4 billion of those recoveries stemmed from qui tam whistleblower lawsuits. Furthermore, according to the government, a record 979 qui tam lawsuits were filed in FY2024.
The FCA has been essential in combatting cybersecurity fraud, but in September 2024, a district judge in Florida ruled that the act’s qui tam provisions were unconstitutional. The U.S. federal government is urging the U.S. Court of Appeals for the Eleventh Circuit to reverse that decision, stating in a brief that “other than the district court here, every court to have addressed the constitutionality of the False Claims Act’s qui tam provisions has upheld them.”
National Whistleblower Center has issued an Action Alert allowing whistleblower supporters to write the members of Congress urging them to protect and strengthen and protect the False Claims Act.
The claims asserted in this case are allegations only, and there has been no determination of liability.
Join NWC in Taking Action:
Strengthen the False Claims Act and Protect it From Attack
