DOJ Takes Over Whistleblower Cybersecurity Suit Against Georgia Tech

Christopher Craig and Kyle Koza, senior members of Georgia Tech’s cybersecurity compliance team, filed a whistleblower cybersecurity suit against Georgia Tech and its research affiliate, alleging that they ignored cybersecurity regulations and jeopardized sensitive defense information. 

Chris Riotta, writing for Bank Info Security, reports that the DOJ has taken over the suit as part of the Civil Cyber-Fraud Initiative, designed to hold organizations responsible for jeopardizing US information by failing to provide adequate cybersecurity protections.

The lawsuit, filed in the United States District Court for Georgia’s Northern District, accuses the Astrolavos Lab at the Georgia Institute of Technology of failing to install or run antivirus and anti-malware tools on its networks and submitting a knowingly false cybersecurity assessment.

On August 23, the Department of Justice announced it was intervening in the case. According to the DOJ, Georgia Tech falsely claimed it scored 98 out of 110 on a self-assessed cybersecurity evaluation. “In fact, according to these employees, the score was “not actually describing something that exists,” the lawsuit alleges.

In a statement, Georgia Tech called the DOJ’s intervention extremely disappointing and said the lawsuit “has nothing to do with confidential information or protected government secrets.”

“The government told Georgia Tech that it was conducting research that did not require cybersecurity restrictions, and the government publicized Georgia Tech’s groundbreaking research findings,” according to the statement. “There was no information breach, and no data was leaked.”