Skip to main content
Press Release

Sunnyvale-Based Network Security Company Agrees To Pay $545,000 To Resolve False Claims Act Allegations

For Immediate Release
U.S. Attorney's Office, Northern District of California
Fortinet, Inc. acknowledges its now-terminated employee directed alteration of labels to obscure country of products’ origin

SAN FRANCISO –Sunnyvale-based Fortinet, Inc. has agreed to a settlement valued at $545,000 to resolve allegations it violated the False Claims Act by falsely representing its products were in compliance with the Trade Agreements Act (TAA), 19 U.S.C. § 2501 et seq., announced United States Attorney David L. Anderson; Defense Criminal Investigative Service (DCIS) Special Agent in Charge Bryan D. Denny; General Services Administration Office of the Inspector General (GSA-OIG), Western Field Office, Special Agent in Charge Theresa Quellhorst; Director of the U.S. Army Criminal Investigation Command’s (USACIDC) Major Procurement Fraud Unit Frank Robey; and Department of Homeland Security Office of Inspector General (DHS-OIG) Special Agent in Charge Amanda Thandi.    

According to the settlement agreement made public today, Fortinet acknowledged that during the more than seven years between January of 2009 and the fall of 2016, a Fortinet employee responsible for supply chain management (the “Responsible Employee”) arranged to have labels on certain products altered to make the products appear to be compliant with the TAA.  A portion of the products were resold through distributors and subsequent resellers to U.S. government end users. 

“Today’s announcement illustrates the continuing commitment of the U.S. Attorney’s Office and our law enforcement partners to identify and prosecute fraudulent schemes relating to the sale of goods to the United States,” said U.S. Attorney Anderson.  

“Contractors that supply the U.S. Government with Chinese-made technology will be pursued and held accountable when violating the Trade Agreement Act,” said DCIS Special Agent in Charge Denny.  “The DCIS and its law enforcement partners are committed to combatting procurement fraud and cyber risk within U.S. Department of Defense programs.”

“This settlement displays the steadfast commitment of our agents and our federal law enforcement partners,” said USACIDC Director Robey. “This settlement is a clear signal to the supply community doing business with the Department of the Army—fraud will not be tolerated in any way, shape or form.” 

“Contractors who undermine American trade interest and pose a security risk by selling unauthorized foreign-made devices to the United States will be held accountable,” said DHS-OIG Special Agent in Charge Thandi.  “Contracting companies that conduct business with the federal government must uphold our trade laws; any misrepresentation during this process undercuts its integrity.”  

“This settlement reflects the GSA OIG’s commitment to work with our law enforcement partners to aggressively investigate and prosecute those who seek to fraudulently sell products to the federal government that do not meet the standards set by law,” said GSA OIG Special Agent in Charge Theresa Quellhorst.

The TAA generally prohibits certain government contractors from purchasing products that are not entirely from, or “substantially transformed” in, the United States or certain designated countries.  Fortinet sells network security devices, some of which may be sold through distributors and subsequent resellers to U.S. government end users.  In this case, Fortinet acknowledged the Responsible Employee directed certain employees and contractors to change product labels so that no country of origin was listed, or to include the phrases “Designed in the United States and Canada,” or “Assembled in the United States.”  Fortinet acknowledged that the Responsible Employee’s actions involved products sold to certain distributors that subsequently sold them to resellers, which in turn sold a portion of them to U.S. government end users.  The Responsible Employee has since been terminated from employment with Fortinet.

To settle the allegations, Fortinet has agreed to pay $400,000 and to provide the United States Marine Corps with additional equipment valued at $145,000.  

The lawsuit was filed by Yuxin “Jay” Fang under the qui tam provisions of the False Claims Act.  Under the act, private citizens can bring suit on or behalf of the government for false claims and share in any recovery.  The act also permits the United States to intervene in and take over a whistleblower suit, as was done here.  

This matter was investigated by the U.S. Attorney’s Office of the Northern District of California, along with the DCIS, GSA-OIG, Air Force Office of Special Investigations, USACIDC, DHS-OIG, the Department of the Navy, and the Coast Guard Investigative Service.  Fortinet cooperated in the government’s investigation, including by sharing the results of its internal investigation in this matter.  The settlement reflects Fortinet’s cooperation with the government in this and other matters.

Assistant U.S. Attorney Ellen London is handling the case with the assistance of Garland He, Jacqui Hollar, and Tina Louie.  

Updated April 15, 2019