Commitments And Contingencies |
3 Months Ended |
---|---|
Dec. 31, 2024 | |
Commitments and Contingencies Disclosure [Abstract] | |
Commitments And Contingencies | COMMITMENTS AND CONTINGENCIES Litigation
We are subject to audits, investigations, and reviews relating to compliance with the laws and regulations that govern our role as a contractor to agencies and departments of federal, state, local, and foreign governments. Adverse findings could lead to criminal, civil, or administrative proceedings, and we could be faced with penalties, fines, suspension, or debarment. Adverse findings could also have a material adverse effect on us because of our reliance on government contracts. We are subject to periodic audits by federal, state, local, and foreign governments for taxes. We are also involved in various claims, arbitrations, and lawsuits arising in the normal conduct of our business, which include but are not limited to bid protests, employment matters, contractual disputes, and charges before administrative agencies. Except for the matters described below for which we cannot predict the outcome, we do not believe the outcome of any existing matter would likely have a material adverse effect on our consolidated financial position, results of operations, or cash flows.
We evaluate developments in our litigation matters and establish or make adjustments to our accruals as appropriate. A liability is accrued if a loss is probable and the amount of such loss can be reasonably estimated. If the risk of loss is probable, but the amount cannot be reasonably estimated, or the risk of loss is only reasonably possible, a potential liability will be disclosed but not accrued, if material. Due to the inherent uncertainty in the outcome of litigation, our estimates and assessments may prove to be incomplete or inaccurate and could be impacted by unanticipated events and circumstances, adverse outcomes, or other future determinations.
MOVEit Cybersecurity Incident Litigation
As the Company has previously disclosed, on May 31, 2023, Progress Software Corporation, the developer of MOVEit, a file transfer application used by many organizations to transfer data, announced a critical zero-day vulnerability in the application that allowed unauthorized third parties to access its customers’ MOVEit environments. Maximus uses MOVEit for internal and external file sharing purposes, including to share data with government customers related to Maximus's services in support of certain government programs. Based on its review of the impacted files to date, the Company has provided notices to individuals whose personal information, including social security numbers, protected health information, and/or other personal information, may have been included in the impacted files.
On August 1, 2023, a purported class action was filed against Maximus Federal Services, Inc. (a wholly-owned subsidiary of Maximus, Inc.) in the U.S. District Court for the Eastern District of Virginia arising out of the MOVEit cybersecurity incident – Bishop v. Maximus Federal Services, Case No. 1:23-cv-01019 (U.S. Dist. Ct. E. D. VA). The plaintiff, who purports to represent a nationwide class of individuals, alleges, among other things, that the Company’s negligence resulted in the compromise of the plaintiff’s personally identifiable information and protected health information. The plaintiff seeks damages to be proved at trial. Over the course of the next year, twelve similar cases were filed in federal courts across the country (inclusive of one case filed in state court and removed to federal court by the Company).
On October 4, 2023, the United States Judicial Panel on Multidistrict Litigation granted a Motion to Transfer creating a Multidistrict Litigation (MDL) in the District of Massachusetts for all cases related to the MOVEit cybersecurity incident. Each of the actions pending in federal courts are now centralized in the MDL.
On December 12, 2024, the Court granted in part Defendants' omnibus motion to dismiss Plaintiffs’ claims pursuant to Rule 12(b)(1) challenging Plaintiffs’ standing to bring this suit, dismissing claims brought by four of the Plaintiffs in the MOVEit MDL. None of the dismissed claims were asserted against the Company.
The Court has also named the Company as a bellwether defendant in the MDL. The Company and the other bellwether defendants are preparing motions to dismiss the pending actions pursuant to Rule 12(b)(6). The Company and the other bellwether defendants will participate in phased discovery, with discovery partially limited prior to the Court’s decision on the Rule 12(b)(6) motions.
Separately, there is currently an individual action pending against the Company in Florida state court. On September 6, 2023, an individual action related to the MOVEit incident was filed in state court in the Florida Circuit Court for the 7th Judicial Circuit, Volusia County: Taylor v. Maximus Federal Services, Case No. 2023-12349 (Fla. Cir. Ct., 7th Jud. Cir., Volusia Cnty.). The plaintiff alleges, among other things, that the Company’s negligence resulted in the compromise of the plaintiff’s personally identifiable information and protected health information. The plaintiff seeks damages to be proved at trial. On April 3, 2024, the Court stayed this action pending the issuance of a scheduling order in the MOVEit MDL that contemplates timing for class certification. Such a scheduling order has not yet been issued and this case remains stayed.
The Company also settled seven individual actions in Florida state courts and a single matter related to the incident filed in small claims court in Texas. All eight cases have been dismissed.
While the Company is unable to predict the ultimate outcome of any of the remaining proceedings, we have accrued an amount within a range of possible outcomes expected to be incurred to resolve the matters.
Census Project – Civil Investigation Demand (“CID”)
In 2021, Maximus received a CID from the U.S. Department of Justice (DOJ) pursuant to the False Claims Act seeking records pertaining to the Census project. The CID requested the production of documents related to the Company’s compliance with telephone call quality assurance scoring and reporting requirements. The Company is cooperating with the DOJ in its investigation and providing responses and information on an ongoing basis. As of December 31, 2024, the Company recorded an accrual of $8.2 million related to this matter. While it is reasonably possible that losses exceeding the amount accrued may be incurred, it is not possible at this time to estimate the additional possible loss in excess of the amount already accrued.
Maximus Federal Services, Inc. v. United States
In October 2024, Maximus Federal Services, Inc. (a wholly-owned subsidiary of Maximus, Inc.) filed suit in the U.S. Court of Federal Claims, challenging the inclusion of a “labor harmony agreement” and related requirements in a solicitation issued by the Centers for Medicare and Medicaid Services (CMS) to reprocure the Contact Center Operations (CCO) 1-800-MEDICARE contract. In November 2024, CMS cancelled the early reprocurement. The Court then granted Maximus Federal Services. Inc.'s request to voluntarily dismiss the lawsuit without prejudice. We will continue work on this contract, which was awarded to us in 2022, and includes annual option periods through 2031.
|