Reward for Insider: U.S. DOJ Grants Former Illumina Director $1.9M for Exposé on Non-Compliant Tech Sold to Federal Buyers

• Lawsuit settlement: Biotechnology company Illumina agreed to pay $9.8 million to settle an ongoing lawsuit
• Illumina allegations: The company was accused of selling vulnerable genomic sequencing systems to federal agencies.
• Cybersecurity shortcomings: The software reportedly lacked sufficient cybersecurity measures and robust cybersecurity compliance.

Illumina Inc. has agreed to a $9.8 million settlement to address allegations under the False Claims Act related to cybersecurity shortcomings in its genomic sequencing systems, as announced on July 31, 2025.

The settlement resolves a whistleblower lawsuit alleging that the California-based biotechnology company knowingly sold vulnerable systems to federal agencies.  

Allegations and Settlement Details  

The claims, spanning February 2016 to September 2023, contend that Illumina sold genomic sequencing systems with software that lacked sufficient cybersecurity measures and robust cybersecurity compliance. 

The U.S. contended that Illumina knowingly failed to:

• incorporate product cybersecurity in its software design, development, installation, and on-market monitoring
• properly support and resource personnel, systems, and processes tasked with product security
• adequately correct design features that introduced cybersecurity flaws in the genomic sequencing systems

The lawsuit also alleged that Illumina falsely represented that the software complied with cybersecurity standards, such as those from the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST). 

The whistleblower, a former Director for Platform Management, On-Market Portfolio at Illumina, will receive $1.9 million of the settlement under the qui tam provisions of the False Claims Act, which permit private parties to sue on behalf of the government and receive a share of any recovery.

Implications for Cybersecurity in Genomic Data  

This settlement emphasizes the critical importance of cybersecurity compliance in industries dealing with sensitive data, such as genomics. 

Federal authorities, including the Department of Justice and the Department of Health and Human Services, underscored the risks posed by vulnerabilities in systems handling genomic information.