Cisco Systems has agreed to pay $8.6 million to settle a lawsuit that accused the company of knowingly selling video surveillance system containing severe security vulnerabilities to the U.S. federal and state government agencies.
It’s believed to be the first payout on a ‘False Claims Act‘ case over failure to meet cybersecurity standards.
The lawsuit began eight years ago, in the year 2011, when Cisco subcontractor turned whistleblower, James Glenn, accused Cisco of continue selling a video surveillance technology to federal agencies even after knowing that the software was vulnerable to multiple security flaws.
According to the court documents seen by The Hacker News, Glenn and one of his colleagues discovered multiple vulnerabilities in Cisco Video Surveillance Manager (VSM) suite in September 2008 and tried to report them to the company in October 2008.
Cisco Video Surveillance Manager (VSM) suite allows customers to manage multiple video cameras at different physical locations through a centralized server, which in turn, can be accessed remotely.
The vulnerabilities could have reportedly enabled remote hackers to gain unauthorized access to the video surveillance system permanently, eventually allowing them to gain access to all video feeds, all stored data on the system, modify or delete video feeds, and bypass security measures.
images from Hacker News