Eleven years after a whistleblower first reported to the US government that Cisco had sold defective video surveillance software to federal and state agencies, the company agreed to pay US$8.6 million (£7 million) to settle the issue.
This settlement is the first whistleblower case successfully litigated under the False Claims Act, which imposes liability on persons and companies who defraud governmental programmes, and in this incident covers Cisco software that was sold to a variety of federal government agencies, 15 states and the District of Columbia.
The whistleblower, James Glenn, said in the claim that the software issue had been in place since 2008.
"James Glenn was working for a Cisco distribution partner in Denmark when he first discovered and reported to Cisco that its Video Surveillance Manager, a bundled, centralised video surveillance system, could be easily exploited," said Constantine Cannon LLP, the legal team representing Glenn, said in a statement.
The legal team said Glen had informed Cisco that if exploited the vulnerabilities would allow unauthorised access to stored data, bypass physical security systems, and gain administrative-level access to the agency’s network. However, the legal team claimed no action was taken and continued to sell the product.
This article was originally published on SC Media US.