
Image credit: GABRIEL BOUYS via Getty Images

Cisco Systems pays out $8.6 million in cybersecurity whistleblower case

The company sold software with security flaws to the US government.

Cisco Systems has paid out a penalty of $8.6 million after failing to disclose security holes in software it sold to the US government. Video Surveillance Manager was used by authorities like LA Airport, the Washington D.C. police and New York City's MTA. Unfortunately, the software had flaws that could let an attacker gain control of the system, although there is no evidence that any successful attack occurred.

Whistleblower James Glenn, a Danish employee of Cisco partner Net Design, warned Cisco management in 2008 that hackers could potentially use a flaw in the camera security system to get administrative access to other parts of the network. Cisco failed to respond to his concerns, so he reported them to the police, and then the FBI. The government subsequently opened a case against Cisco in 2011, but documents from this time were only recently unsealed.

Of the total fee, $1 million will go to Glenn and the rest will be paid to the affected agencies. The lawsuit marked the first time a company has made a payout under the False Claims Act for failing to meet cybersecurity standards. The False Claims Act is designed to prevent companies from defrauding the government by misrepresenting the products they sell. The settlement could pave the way for more whistleblower lawsuits in the future.

Cisco finally addressed the security issue in an update to the software released in 2013, and the company reiterated that no attacks had taken place. "There's this culture that tends to prioritize profit and reputation over doing what's right," Glenn said in a written statement, as reported by Reuters. "I hope coming forward with my experience causes others in the tech community to think about their ethical mandate."
