Guidehouse Inc. and Nan McKay and Associates will pay a combined $11.3 million for failing to meet cybersecurity requirements in a federally funded contract to assist low-income New Yorkers during the COVID-19 pandemic.

Guidehouse will pay $7.6 million, and Nan McKay will pay $3.7 million. They were responsible for ensuring the security of the Emergency Rental Assistance Program (ERAP) application used by New Yorkers. However, they did not complete the necessary pre-launch cybersecurity testing, resulting in a data breach that exposed applicants' personal information.

U.S. Attorney Carla B. Freedman emphasized the importance of cybersecurity in federal contracts, stating that contractors must protect sensitive information. The settlements also include a $1.9 million reward for the whistleblower who reported the violations.