Whistleblower James Glenn, a Danish employee of Cisco partner Net Design, warned Cisco management in 2008 that hackers could potentially use a flaw in the camera security system to get administrative access to other parts of the network. Cisco failed to respond to his concerns so he reported them to the police, and then the FBI. The government subsequently opened a case against Cisco in 2011, but documents from this time were only recently unsealed.
Of the total fee, $1 million will go to Glenn and the rest will be paid to the affected agencies. The lawsuit marked the first time a company has made a payout under the False Claims Act for failing to meet cybersecurity standards. The False Claims Act is designed to prevent companies from defrauding the government by misrepresenting the products they sell. The settlement could pave the way for more whistleblower lawsuits in the future.
Cisco finally addressed the security issue in an update to the software released in 2013, and the company reiterated that no attacks had taken place. "There's this culture that tends to prioritize profit and reputation over doing what's right," Glenn said in a written statement, as reported by Reuters. "I hope coming forward with my experience causes others in the tech community to think about their ethical mandate."