Cisco fined for selling software with security flaws

Cisco has agreed to pay $8.6m to settle a lawsuit filed on behalf of a whistleblower client who claims the software giant knowingly sold video surveillance systems to US federal and state agencies that could have been easily hacked because of critical software flaws.

Claire M. Sylvia, an attorney and partner at Phillips & Cohen, which handled the case, explained why the law firm took the client's case against the company:

“Our client raised important security concerns. We alleged in our complaint that the software flaws were so severe that they compromised the security of the video surveillance systems and any computer system connected to them.” 

Cisco eventually addressed the software flaws, and the company will now pay $2.6m to the federal government and up to $6m to 15 states, cities and counties, as well as the District of Columbia, that purchased its video surveillance product.

Video Surveillance Manager

The federal settlement covers purchases of Cisco's internet protocol video surveillance product called Video Surveillance Manager from 2007 to 2014.

Phillips & Cohen filed its lawsuit back in 2011 against the company on behalf of a former security consultant named James Glenn who worked for a Danish company that is a Cisco partner. Glenn was fired from his job after submitting a detailed report to Cisco in which he identified what he believed to be serious security flaws.

The company's video surveillance system connects and manages multiple video cameras through a centralized server, which gives users the ability to coordinate surveillance cameras at many locations at once. Cisco marketed its systems directly to government purchasers as they were particularly suited to their needs.

This likely won't be the last case of this kind, according to Sylvia, who explained that whistleblowers who are ignored can use the law to their advantage:

“Cybersecurity products are an important piece of government spending these days, and it’s essential that those products comply with critical regulatory and contractual requirements. The tech industry can expect whistleblowers to continue to step forward when serious problems are ignored, thanks to laws that reward and protect them.” 

Anthony Spadafora
