Networking giant Cisco has agreed to pay an $8.6m fine to settle a lawsuit filed by a client claiming the company sold video surveillance gear containing critical security vulnerabilities.
US law firm Phillips & Cohen said it filed a whistleblower lawsuit on behalf of James Glenn, a consultant for a Cisco partner company of Danish descent. The company is said to have terminated Glenn after he submitted a report to Cisco detailing the flaws.
Cisco eventually fixed the software flaws, but the lawsuit alleged that the firm may have exposed the federal and state-level agencies that used the equipment.
The settlement covers sales of Cisco’s Video Surveillance Manager from 2007 to 2014. The system enables customers to manage and connect numerous internet-connected cameras through a central server.
Claire Sylvia, whistleblower attorney, contended that many federal and state agencies relied on Cisco’s video surveillance systems to help monitor security at their facilities.
“Our client raised important security concerns. We alleged in our complaint that the software flaws were so severe that they compromised the security of the video surveillance systems and any computer system connected to them,” said Sylvia.
“Cybersecurity products are an important piece of government spending these days, and it’s essential that those products comply with critical regulatory and contractual requirements. The tech industry can expect whistleblowers to continue to step forward when serious problems are ignored, thanks to laws that reward and protect them.”
Cisco will pay the federal government and 15 states, as well as various cities, counties and other regional US administrations. Glenn himself will receive around $1.6m.
“Because of the open architecture, video feeds could theoretically have been subject to hacking, though there is no evidence that any customer’s security was ever breached. In 2009, we published a Best Practices Guide emphasizing that users needed to pay special attention to building necessary security features on top of the software they were licensing from us,” explained Cisco’s general counsel, Mark Chandler.
“In July, 2013, we advised that customers should upgrade to a new version of the software which addressed security features. All sales of the older versions of the software had ended by September, 2014.”