A Navy defense contractor has agreed to pay back the US government more than half a million dollars after claiming a perfect cybersecurity score to the Pentagon, only to receive a near-bottom rating from government assessors years later.

The US Department of Justice on Thursday announced a settlement agreement with Logzone, a logistics services provider based in Huntsville, Alabama, which was first awarded one of two contracts with the US Navy in 2021.

Services offered by Logzone include logistics solutions, medical support, training, warehouse management, and operations and maintenance support, according to its website.

The DoJ claims that the disabled veteran-owned business from 2021 through 2025 failed to meet required cybersecurity standards while continuing to bill the Department of the Navy for its services, potentially leaving sensitive defense systems exposed to hackers.

Officials say the failures could have led to “significant exploitation of systems or exfiltration of sensitive defense information.”

“The protection of sensitive defense information by government contractors is critical to national security,” said US Attorney Phillip W. Williams Jr. for the Northern District of Alabama.

“Adherence to the cybersecurity provisions of contracts with the federal government must be a priority for all contractors, and this enforcement action should serve as a reminder of that,” Williams said.

Under the False Claims Act, Logzone has now agreed to pay $507,144 to settle the case.

What happened?

The allegations involve to two Navy contracts with the Naval Oceanographic Command Property Management Program at Stennis Space Center, Mississippi.

Under those contracts, Logzone was required to follow Department of Defense cybersecurity rules designed to protect sensitive military information handled by federal contractors.

According to court documents, Logzone submitted a “perfect self-assessment score of 110” in the Defense Department’s Supplier Performance Risk System in October 2021.

The scoring system ranges from -203 to 110.

But in February 2024, the DoD's cybersecurity assessment center completed its own review and found the company "received a score of -170" – a staggering 280 points lower than the perfect score it had previously self-submitted – placing it near the bottom of the possible scoring range.

The DoJ accused Logzone of “not fully implementing all cybersecurity controls in NIST SP 800-171” on information systems that processed, stored, or transmitted covered defense information.

The government says that, despite the abysmal scores, Logzone knowingly submitted claims for reimbursement to the Navy from May 2021 through March 2025.

The DoJ claims Logzone was fraudulently paid $682,193.37 under the Navy contracts through its last invoice submitted on March 8th, 2025.

Logzone did not admit liability as part of the agreement.

---

Unlock more exclusive Cybernews content on YouTube.