Federal IT contractor to pay $14.75 fine over ‘cyber fraud’ allegations

A Maryland-based company supplying IT services to the U.S. government has agreed to a $14.75 million fine to settle alleged violations of its contracts with federal agencies.

Hill Associates is accused of billing for personnel who did not have the required amount of experience or education stipulated within the contract. The Department of Justice also alleged that Hill Associates had billed for cybersecurity services that were out of the scope of its contract, and which would have required it to undergo a technical evaluation required by the General Services Administration. According to a settlement agreement, the company had not passed such an evaluation. 

It was also accused of charging for unapproved fees and for overstating its overhead costs by including incentive compensation for executives. 

Hill Associates had a contract to supply services to the Department of Justice and Treasury Department from 2018 until 2023. On top of the nearly $15 million fine, Hill Associates also agreed to pay 2.5% of its annual revenues exceeding $18.8 million beginning next year and lasting until the end of the decade.

The case was brought under the False Claims Act, a 160-year-old law that allows the government to collect civil damages from contractors who violate the terms of their agreement. 

“Information technology contractors are expected to charge the government appropriately for their services,” Brett Shumate, assistant attorney general at the Department of Justice, said in a statement. “We will continue to pursue cyber fraud and hold accountable those companies that knowingly fail to meet contractual obligations to the American taxpayers.”

The agreement with Hill Associates is not “an admission of liability,” the document said. The company did not immediately respond to a request for comment. 

The government has brought several False Claims Act cases this year against contractors over cybersecurity deficiencies. In May, defense contractors Raytheon and Nightwing Group agreed to pay the government $8.4 million to settle allegations that Raytheon did not have ample cybersecurity protections.

In February, a healthcare contractor for the U.S. military agreed to pay more than $11 million to settle allegations that it lied about its cybersecurity posture.