Alston & Bird Privacy, Cyber & Data Strategy Blog

DOJ Settles False Claims Act Case with LOGZONE Over Cybersecurity Deficiencies

By , , and

On June 18, 2026, the United States Department of Justice (DOJ) announced that it had reached a settlement with defense contractor LOGZONE, Inc. (LOGZONE) in which the company agreed to pay $507,144 to resolve its liability under the False Claims Act (FCA) for allegedly failing to comply with cybersecurity requirements. LOGZONE provides logistics, medical, training, and other services to the Department of Defense (DOD) and government civilian agencies.

The DOJ alleged that LOGZONE knowingly submitted false claims for payment on two Navy contracts when it failed to comply with the contracts’ cybersecurity requirements between May 2021 and March 2025. Specifically, LOGZONE allegedly failed to implement cybersecurity controls required by the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171. The DOJ alleged that LOGZONE assessed itself with a perfect score of 110 for its implementation of its NIST SP 800-171 security controls in 2021. The Defense Contract Management Agency, however, assessed LOGZONE’s implementation of NIST SP 800-171 security controls at a score of -170 in an assessment dated February 2, 2024. The lowest possible score is a -203.

The DOJ asserted that LOGZONE’s failure to implement all NIST SP 800-171 cybersecurity controls exposed defense information to vulnerabilities that could “lead to significant exploitation of the system or exfiltration of covered defense information,” or “have a specific and confined effect on the security of the system and its data,” according to the settlement.

Of the $507,144 in total settlement costs, $253,572 constitutes restitution, reflecting the typical FCA settlement multiplier of 2x.

The DOJ’s settlement with LOGZONE reflects the government’s continued focus on defense contractor cybersecurity as a highly active regulatory and enforcement area; in 2025, the DOD finalized its Cybersecurity Maturity Model Certification (CMMC) rule, which established a tiered compliance framework for all defense contractors and subcontractors. Aspects of the rule have been becoming effective on a rolling basis, with full, mandatory implementation in all DOD contracts required starting November 10, 2028.

LinkedIn
Avatar photo

About Kim Peretti

A former DOJ cybercrime prosecutor and former director of PwC's cyber forensics group, Kim delivers top of the line cyber risk management and information security counsel to her clients. As co-leader of our Privacy, Cyber & Data Strategy Team, Kim is recognized by select publications and is frequently quoted by the media.

[Read Bio]

Avatar photo

About Andrew Liebler

Andrew Liebler is a partner with Alston & Bird’s Litigation & Trial Practice Group. Andrew focuses his practice on health care, privacy, antitrust, and complex commercial litigation.

[Read Bio]

Avatar photo

About Lance Taubin

Lance Taubin advises clients on cybersecurity and data privacy issues, including cybersecurity breach preparedness and response, cybersecurity and privacy compliance and enforcement, managing cyber risk, technology transactions, and M&A diligence.

[Read Bio]

Avatar photo

About Taylor Veracka

Taylor’s diverse experience in matters in and out of litigation helps her develop creative and analytical approaches to clients’ complex litigation matters.

[Read Bio]

Share to...
BufferCopyFlipboardHacker NewsLineLinkedInMessengerMixPinterestPocketPrintRedditSMSTelegramTumblrVKWhatsAppXingYummly