Commitments and Contingencies |
12 Months Ended |
---|---|
Sep. 30, 2024 | |
Commitments and Contingencies Disclosure [Abstract] | |
Commitments And Contingencies | COMMITMENTS AND CONTINGENCIES Litigation
We are subject to audits, investigations, and reviews relating to compliance with the laws and regulations that govern our role as a contractor to agencies and departments of federal, state, local, and foreign governments. Adverse findings could lead to criminal, civil, or administrative proceedings, and we could be faced with penalties, fines, suspension, or debarment. Adverse findings could also have a material adverse effect on us because of our reliance on government contracts. We are subject to periodic audits by federal, state, local, and foreign governments for taxes. We are also involved in various claims, arbitrations, and lawsuits arising in the normal conduct of our business, which include but are not limited to bid protests, employment matters, contractual disputes, and charges before administrative agencies. Except for the matters described below for which we cannot predict the outcome, we do not believe the outcome of any existing matter would likely have a material adverse effect on our consolidated financial position, results of operations, or cash flows.
We evaluate developments in our litigation matters and establish or make adjustments to our accruals as appropriate. A liability is accrued if a loss is probable and the amount of such loss can be reasonably estimated. If the risk of loss is probable, but the amount cannot be reasonably estimated, or the risk of loss is only reasonably possible, a potential liability will be disclosed but not accrued, if material. Due to the inherent uncertainty in the outcome of litigation, our estimates and assessments may prove to be incomplete or inaccurate and could be impacted by unanticipated events and circumstances, adverse outcomes, or other future determinations.
MOVEit Cybersecurity Incident Litigation
As the Company has previously disclosed, on May 31, 2023, Progress Software Corporation, the developer of MOVEit, a file transfer application used by many organizations to transfer data, announced a critical zero-day vulnerability in the application that allowed unauthorized third parties to access its customers’ MOVEit environments. Maximus uses MOVEit for internal and external file sharing purposes, including to share data with government customers related to Maximus's services in support of certain government programs. Based on its review of the impacted files to date, the Company has provided notices to individuals whose personal information, including social security numbers, protected health information, and/or other personal information, may have been included in the impacted files.
On August 1, 2023, a purported class action was filed against Maximus Federal Services, Inc. (a wholly-owned subsidiary of Maximus, Inc.) in the U.S. District Court for the Eastern District of Virginia arising out of the MOVEit cybersecurity incident – Bishop v. Maximus Federal Services, Case No. 1:23-cv-01019 (U.S. Dist. Ct. E. D. VA). The plaintiff, who purports to represent a nationwide class of individuals, alleges, among other things, that the Company’s negligence resulted in the compromise of the plaintiff’s personally identifiable information and protected health information. The plaintiff seeks damages to be proved at trial. Over the course of the next year, twelve similar cases were filed in federal courts across the country (inclusive of one case filed in state court and removed to federal court by the Company).
On October 4, 2023, the United States Judicial Panel on Multidistrict Litigation granted a Motion to Transfer creating a Multidistrict Litigation (MDL) in the District of Massachusetts for all cases related to the MOVEit cybersecurity incident. Each of the actions pending in federal courts are now centralized in the MDL.
The parties participating in the MDL have submitted briefing on an omnibus motion to dismiss Plaintiffs’ claims pursuant to Rule 12(b)(1) challenging Plaintiffs’ standing to bring this suit. That motion is currently pending with the Court. The Court has also named Maximus as a bellwether defendant in the MDL. Maximus and the other bellwether defendants anticipate filing motions to dismiss the pending actions pursuant to Rule 12(b)(6). Maximus and the other bellwether defendants will participate in phased discovery, with limited discovery prior to the Court’s decision on the Rule 12 motions, and, if applicable, full discovery following the Court’s decision on those motions.
Separately, a number of individual actions related to the incident are currently pending in Florida state courts. On September 6, 2023, an individual action related to the MOVEit incident was filed in state court in the Florida Circuit Court for the 7th Judicial Circuit, Volusia County: Taylor v. Maximus Federal Services, Case No. 2023-12349 (Fla. Cir. Ct., 7th Jud. Cir., Volusia Cnty.). The plaintiff alleges, among other things, that the Company’s negligence resulted in the compromise of the plaintiff’s personally identifiable information and protected health information. The plaintiff seeks damages to be proved at trial. On April 3, 2024, the Court stayed this action pending the issuance of a scheduling order in the MOVEit MDL that contemplates timing for class certification. Such a scheduling order has not yet been issued and this case remains stayed.
In addition, a total of seven individual actions related to the incident were filed in Florida County courts by a single Plaintiffs’ firm. In November 2024, these plaintiffs, plus an eighth individual with similar claims, agreed to settle their claims. The Company anticipates the related seven cases will be dismissed in the near future.
The company also settled a single matter related to the incident filed in small claims court in Texas. That case has been dismissed.
The Company is not able to determine or predict the ultimate outcome of any of the remaining proceedings or reasonably provide an estimate or range of the possible outcome or loss, if any.
Census Project – Civil Investigation Demand (CID)
In 2021, Maximus received a CID from the U.S. Department of Justice (DOJ) pursuant to the False Claims Act seeking records pertaining to the Census project. The CID requested the production of documents related to the Company’s compliance with telephone call quality assurance scoring and reporting requirements. The Company is cooperating with the DOJ in its investigation and providing responses and information on an ongoing basis. The Company recorded an accrual of $8.2 million for the year ended September 30, 2024. While it is reasonably possible that losses exceeding the amount accrued may be incurred, it is not possible at this time to estimate the additional possible loss in excess of the amount already accrued.
Maximus Federal Services, Inc. v. United States
In October 2024, Maximus Federal Services, Inc. (a wholly-owned subsidiary of Maximus, Inc.) filed suit in the U.S. Court of Federal Claims, challenging the inclusion of a “labor harmony agreement” and related requirements in a solicitation issued by the Centers for Medicare and Medicaid Services (CMS) to reprocure the Contact Center Operations (CCO) 1-800-MEDICARE contract. The labor harmony agreement requirements mandate that the apparent successful offeror and contractor throughout performance enter into a labor harmony agreement with any union that demonstrates an intent to represent the workforce or risk ineligibility for contract award or default of the contract, among other remedies available to the government. The lawsuit alleges that the challenged requirements are unlawful, unduly restrictive of competition, and arbitrary and capricious. This lawsuit followed the Government Accountability Office’s ruling in September 2024 that partially sustained the Company’s pre-award protest, requiring CMS to revise the solicitation to remove an ambiguity.
Performance Bonds
Certain contracts require us to provide a surety bond as a guarantee of performance. As of September 30, 2024, we had performance bond commitments totaling $34.9 million. These bonds are typically renewed annually and remain in place until the contractual obligations are satisfied. Although the triggering events vary from contract to contract, in general, we would only be liable for the amount of these guarantees in the event of default in our performance of our obligations under each contract, the probability of which we believe is remote.
|