
Cisco Systems pays out $8.6 million in cybersecurity whistleblower case

The company sold software with security flaws to the US government.


GABRIEL BOUYS via Getty Images

Cisco Systems has paid out a penalty of $8.6 million after failing to disclose security holes in software it sold to the US government. Video Surveillance Manager was used by authorities like LA Airport, the Washington D.C. police and New York City's MTA. Unfortunately, the software had flaws that could let an attacker gain control of the system, although there is no evidence that any successful attack occurred.

Whistleblower James Glenn, a Danish employee of Cisco partner Net Design, warned Cisco management in 2008 that hackers could potentially use a flaw in the camera security system to get administrative access to other parts of the network. Cisco failed to respond to his concerns, so he reported them to the police, and then the FBI. The government subsequently opened a case against Cisco in 2011, but documents from this time were only recently unsealed.

Of the total payment, $1 million will go to Glenn and the rest will be paid to the affected agencies. The lawsuit marked the first time a company has made a payout under the False Claims Act for failing to meet cybersecurity standards. The False Claims Act is designed to prevent companies from defrauding the government by misrepresenting the products they sell. The settlement could pave the way for more whistleblower lawsuits in the future.

Cisco finally addressed the security issue in an update to the software released in 2013, and the company reiterated that no attacks had taken place. "There's this culture that tends to prioritize profit and reputation over doing what's right," Glenn said in a written statement, as reported by Reuters. "I hope coming forward with my experience causes others in the tech community to think about their ethical mandate."
