Cisco Systems Inc. reached an $8.6 million settlement Wednesday in a whistleblower suit alleging the technology company knowingly misled customers about the security of its video surveillance products.
That settlement will be divided among 16 U.S. states, including San Jose-based Cisco’s home state California, the U.S. federal government and the whistleblower who raised concerns.
The settlement covers government purchases of Cisco’s Video Surveillance Manager product. Plaintiffs in the qui tam suit allege the product had “several critical security flaws,” allowing hackers to possibly access user passwords and system data, delete video feeds or gain permanent administrator access.
A representative from Cisco said there was “no allegation or evidence that any unauthorized access to customers’ video occurred as a result of the architecture.” Cisco stopped selling the software in 2014.
“We are pleased to have resolved a 2011 dispute involving the architecture of a video security technology product we added to our portfolio through the Broadware acquisition in 2007,” the representative said in an email.
The suit was brought by James Glenn, a former Denmark-based employee of Cisco partner company Net Design, who said he alerted Cisco to security flaws in their surveillance product in October 2008. According to the complaint, Glenn was “fired shortly after disclosing his concerns to Cisco and his employer.”
After his firing, Glenn continued to monitor Cisco’s surveillance flaws, concerned that government purchasers were at risk, according to the suit filed the suit in the U.S. District Court for the Western District of New York.
“I was very concerned about the possibility that someone might endanger public safety by hacking into government systems,” Glenn said in a press release Wednesday. “I filed the qui tam lawsuit to make the government aware of the problem and to get it fixed. I am glad that Cisco replaced the affected product and that the case has been settled.”
Glenn was represented by counsel from Phillips & Cohen, including partner Claire Sylvia. Attorneys from the U.S. Department of Justice, New York State Attorney General’s office and Taxpayer Protection Bureau also worked on the case.
“Cybersecurity products are an important piece of government spending these days, and it’s essential that those products comply with critical regulatory and contractual requirements,” Sylvia said in a press release. “The tech industry can expect whistleblowers to continue to step forward when serious problems are ignored, thanks to laws that reward and protect them.”