Booz Allen Hamilton Stock Soars After Winning Massive Pentagon Cyber Contract—Key Details & Forecast

Washington — In a sweeping move that rattled federal contracting circles, the U.S. Treasury Department on Monday terminated all 31 of its agreements with consulting giant Booz Allen Hamilton, contracts worth roughly $21 million, after regulators said the firm failed to safeguard sensitive taxpayer data, including records held by the Internal Revenue Service. Treasury Secretary Scott Bessent called the cancellations “an essential step toward restoring public trust,” pointing to lapses that surfaced in the wake of a high-profile leak by former Booz Allen employee Charles Littlejohn. Littlejohn, sentenced to five years in prison in 2024, admitted to stealing and disclosing the confidential tax returns of hundreds of thousands of Americans—including former President Donald Trump—while embedded at the IRS between 2018 and 2020. Investigators now say the breach affected about 406,000 taxpayers, triggering fresh scrutiny of the McLean, Virginia-based contractor’s cybersecurity practices. Booz Allen, a $10 billion-a-year powerhouse that supports the Pentagon, intelligence agencies and civilian departments, had promoted its data-protection expertise as a core competency. The Treasury action, however, raises new questions about whether the firm’s internal controls can meet tightening federal standards, especially as agencies move large troves of personally identifiable information into cloud and AI-enabled systems. Market reaction was swift: Booz Allen Hamilton Holding Corp. (NYSE: BAH) shares slid more than 6 percent in pre-market trading before paring losses to close down 3.8 percent, wiping out nearly $900 million in market value. Analysts at Jefferies warned that other departments—most notably Homeland Security and Veterans Affairs—could conduct their own compliance reviews, potentially putting additional revenue at risk. The company said in a brief statement that it “takes data security seriously and is cooperating fully with Treasury to address its concerns,” adding that it has launched an independent audit of its information-security program. Booz Allen emphasized that the Littlejohn incident was “the act of a rogue former employee” and that new multilayer encryption controls were deployed across IRS workstreams in late 2025. Industry attorneys note that Treasury’s decision is one of the largest blanket cancellations on cybersecurity grounds since the Federal Acquisition Regulation was amended in 2024 to mandate immediate termination for contractors that “knowingly or repeatedly” expose controlled unclassified information. “With cyber-breach enforcement rising, this could be a watershed moment for how agencies police vendors handling sensitive data,” said Alex Martinez, a partner at Crowell & Moring. Looking ahead, Booz Allen must decide whether to protest the cancellations through the Government Accountability Office—a process that could pause Treasury’s action for up to 100 days—or accept the loss and double down on remediation. Either way, the episode underscores a stark reality for federal contractors: in the era of high-stakes data stewardship, one security lapse can jeopardize both reputation and revenue.