Quarterly report pursuant to Section 13 or 15(d)

Commitments And Contingencies

v3.23.2
Commitments And Contingencies
9 Months Ended
Jun. 30, 2023
Commitments and Contingencies Disclosure [Abstract]  
Commitments And Contingencies COMMITMENTS AND CONTINGENCIES
Litigation
We are subject to audits, investigations, and reviews relating to compliance with the laws and regulations that govern our role as a contractor to agencies and departments of federal, state, local, and foreign governments, and otherwise in connection with performing services in countries outside of the U.S. Adverse findings could lead to criminal, civil, or administrative proceedings, and we could be faced with penalties, fines, suspension, or debarment. Adverse findings could also have a material adverse effect on us because of our reliance on government contracts. We are subject to periodic audits by federal, state, local, and foreign governments for taxes. We are also involved in various claims, arbitrations, and lawsuits arising in the normal conduct of our business. These include but are not limited to bid protests, employment matters, contractual disputes, and charges before administrative agencies. Although we can give no assurance, based upon our evaluation and taking into account the advice of legal counsel, we do not believe that the outcome of any existing matter would likely have a material adverse effect on our consolidated financial position, results of operations, or cash flows.
We evaluate, on a regular basis, developments in our litigation matters and establish or make adjustments to our accruals as appropriate. A liability is accrued if a loss is probable and the amount of such loss can be reasonably estimated. If the risk of loss is probable, but the amount cannot be reasonably estimated, or the risk of loss is only reasonably possible, a liability is not accrued. Due to the inherent uncertainty in the outcome of litigation, our estimates and assessments may prove to be incomplete or inaccurate and could be impacted by unanticipated events and circumstances, adverse outcomes or other future determinations.
MOVEit Cybersecurity Incident Litigation
As the Company has previously disclosed, on May 31, 2023 Progress Software Corporation, the developer of MOVEit (“MOVEit”), a file transfer application used by many organizations to transfer data, announced a critical zero-day vulnerability in the application that allowed unauthorized third parties to access its customers’ MOVEit environments. It appears that a significant number of commercial and government customers worldwide were affected by this vulnerability. Maximus uses MOVEit for internal and external file sharing purposes, including to share data with government customers pertaining to individuals who participate in various government programs. The Company believes that the personal information of a significant number of individuals was accessed by an unauthorized third party by exploiting this MOVEit vulnerability.
On August 1, 2023, a purported class action was filed against Maximus Federal Services, Inc. (a wholly-owned subsidiary of Maximus, Inc.) in the U.S. District Court for the Eastern District of Virginia arising out of the MOVEit cybersecurity incident – Bishop v. Maximus Federal Services, Case No. 1:23-cv-01019 (U.S. Dist. Ct. E. D. VA). The plaintiff, who purports to represent a nationwide class of individuals, alleges, among other things, that the Company’s negligence resulted in the compromise of the plaintiff’s personally identifiable Information and protected health information. The plaintiff seeks damages to be proved at trial. The Company is not able to determine or predict the ultimate outcome of this proceeding or reasonably provide an estimate or range of the possible outcome or loss if any.
On August 2, 2023, a purported class action was filed against Maximus, Inc. and Maximus Federal Services, Inc. in the U.S. District Court for the Eastern District of Virginia arising out of the MOVEit cybersecurity incident – Buzzell v. Maximus, Case No. 1:23-cv-01028 (U.S. Dist. Ct. E. D. VA). The plaintiff, who purports to represent a nationwide class of individuals, alleges, among other things, that the Company’s negligence resulted in the compromise of the plaintiff’s personally identifiable Information and protected health information. The plaintiff seeks damages to be proved at trial. The Company is not able to determine or predict the ultimate outcome of this proceeding or reasonably provide an estimate or range of the possible outcome or loss if any.