Symantec said that the damages from a U.S. investigation into its compliance with government contracting rules may be about US$145 million.
U.S. officials are said to have conveyed in January to the company an estimate of the damages, the security software company said in a filing Monday to the U.S. Securities and Exchange Commission.
"We are fully cooperating with the investigation and in January 2014 met with representatives of the government who presented us with an initial analysis of our actual damages exposure in the amount of approximately $145 million," Symantec said in the filing.
The company said it is in the process of evaluating the government's initial analysis, and it was possible that the investigation could lead to claims or findings of violations of the False Claims Act, which "could be material to our results of operations and cash flows for any period."
+ ALSO ON NETWORK WORLD 'Blackshades' malware still being sold +
The False Claims Act is a U.S federal law setting criminal and civil penalties for false or fraudulent claims for payment or approval to the government, misrepresenting the amount of a delivered product, or under-stating an obligation to the government.
Symantec said its total sales under the General Services Administration Schedule contract were about $210 million from January 2007 to December 2011. GSA Schedule contracts, also known as Federal Supply Schedules, are long-term, indefinite delivery and quantity contracts under the GSA's Multiple Award Schedule Program, according to the GSA website.
During the first quarter of fiscal 2013, Symantec was advised by the U.S. Department of Justice and the U.S. Attorney's Office for the District of Columbia that the government was investigating its compliance with the GSA contract, including with provisions relating to pricing, country of origin, accessibility and the disclosure of commercial sales practices.
Resolutions of investigations under the False Claims Act could result in the imposition of damages, including up to treble damages, plus civil penalties in some cases, Symantec said.