QUANTICO, Va. -- A multiyear investigation by the Air Force Office of Special Investigations has resulted in an $8.4 million settlement with Raytheon and two affiliated companies, following federal allegations that the contractor failed to safeguard sensitive government data.
The violations, which triggered the False Claims Act, reflect a broader effort to hold contractors accountable and deter similar failures by making the consequences clear.
“This case reinforced the importance of holding defense contractors accountable for the cybersecurity obligations they agree to when handling sensitive government data,” said Special Agent Andrew Shih, an investigator at AFOSI Procurement Fraud (PF) Det. 6. “When contractors fail to meet these standards, it can have national security implications.”
The settlement resolves claims that the company used a noncompliant internal system to handle sensitive information across 29 Department of Defense contracts.
The Department of Justice formally announced the settlement May 1, adding that while the violations involved unclassified systems, they still posed risks to covered defense information.
“Failure to implement cybersecurity requirements can have devastating consequences, leaving sensitive DoD data vulnerable to cyber threats and malicious actors,” said Special Agent William Richards, AFOSI PF Special Agent in Charge.
“AFOSI, alongside our investigative partners and the Department of Justice, will continue to combat fraud affecting the Department of the Air Force and hold those accountable that fail to properly safeguard sensitive defense information.”
The $8.4 million settlement includes $4.2 million in restitution to the government, with the remainder assessed as interest. A portion of the funds, roughly $1.5 million, will go to a former Raytheon employee who filed the lawsuit under the False Claims Act’s whistleblower provisions.
The lawsuit was originally filed under seal in a federal court in Washington, D.C., and was later made public after the government decided to take over the case.
The alleged misconduct took place before RTX Corporation sold its Cybersecurity, Intelligence, and Services division to Nightwing Group, a cybersecurity and intelligence firm based in Dulles, Virginia, in 2024.
Although Nightwing wasn’t involved in the violations, it was included in the settlement because the company that inherited the business.
The case is part of the Justice Department’s increased focus on cyber-fraud enforcement, a broader push to hold federal contractors accountable when they fail to meet cybersecurity standards designed to protect sensitive government data.
“One of the cornerstones of DoD lethality is our technological superiority and the ability to out-innovate our adversaries,” Shih said. “This case is about reinforcing those cyber safeguards to protect such innovation and prevent adversaries from gaining insight into our future warfighting capabilities.”
The case began as a whistleblower lawsuit, filed under a law that allows private citizens to sue on the government’s behalf if they believe taxpayer money was obtained through false claims.
“Every dollar spent on defense is an investment in our national security, and it’s PF’s job to ensure those funds are used as intended,” said Jason Hein, director of AFOSI PF. “This case shows our commitment to defending the integrity of the defense industrial base while ensuring the military’s technological advantage is never compromised.”
(Editor’s note: This article is part of “The Price of Fraud,” a series examining the consequences of fraud within the Department of the Air Force. Each case reveals how fraud undermines readiness, wastes resources and results in lasting legal, financial and professional consequences.
The claims resolved by this settlement are allegations only. There has been no determination of liability, and Raytheon, RTX Corporation, and Nightwing have not admitted any wrongdoing as part of the agreement.)
Related links
Price of Fraud: AFOSI uncovers millions in contract violations
Price of Fraud: AFOSI recovers nearly $2 billion in recent years, targets fraud at all levels
Raytheon Companies and Nightwing Group to Pay $8.4M to Resolve False Claims Act Allegations Relating to Non-Compliance with Cybersecurity Requirements in Federal Contracts