The U.S. government has filed suit against Danielle Hillmer, 53, of Chantilly, Virginia, alleging she misled auditors about the security of a cloud platform used by the Army and other federal customers while working for a company identified in court papers as Company A.
According to an indictment unsealed this week, prosecutors say Hillmer obstructed federal auditors and made false representations about the security posture of the Nonappropriated Fund Integrated Financial Management System (NIFMS), described in filings as a cloud-based payroll, pension and benefits system.
The government alleges Hillmer represented that the platform met the Federal Risk and Authorization Management Program (FedRAMP) High baseline and the Department of Defense Impact Levels 4 and 5. FedRAMP High is required to store federal information, and the DoD impact levels represent the highest security baselines for unclassified DoD data, according to the indictment.
Court documents say Accenture’s contract for the work was worth about $30 million and required a DoD Impact Level 4 assessment. The filing alleges Hillmer submitted an application to the Joint Authorization Board on March 10, 2020, seeking to raise the platform’s compliance level from FedRAMP Moderate to High and representing that controls would be implemented by April 2020 and operational by August.
The indictment, which is publicly available, says an outside consultant told Hillmer in June 2020 that more than 100 security controls had not been implemented and that she nonetheless approved a Readiness Assessment Report in July while allegedly concealing known issues. Prosecutors say the misrepresentations continued into September 2021 and that at least six government departments planned to use the platform, potentially generating about $250 million in additional contract opportunities.
An Accenture spokesperson told the press the company proactively alerted the government after an internal review and has cooperated with investigators. Accenture made similar disclosures in a Form 10-K filed with the SEC on Oct. 12, 2023, which noted the Justice Department had initiated civil and criminal proceedings involving “one or more employees” and that the company was complying with the investigation. The public filings and the indictment do not, in this summary, enumerate specific criminal counts or list scheduled court dates.