When Cybersecurity Becomes A Compliance Obligation: Lessons From The Illumina FCA Settlement
iapp, Tuesday, November 18th, 2025
In July, the U.S. Department of Justice announced that Illumina Inc., a leading manufacturer of genomic sequencing systems, would pay USD9.8 million to resolve allegations under the False Claims Act.
The case, which did not involve an actual data breach, centered instead on claims that Illumina knowingly sold sequencing systems to federal agencies that contained software with known cybersecurity vulnerabilities between February 2016 and September 2023.
The government argued Illumina falsely certified compliance with cybersecurity standards, making its claims for payment "false" under federal law. The settlement arose from a whistleblower suit filed by a former Illumina director, who will receive nearly USD1.9 million as part of the resolution.