Cisco agreed to pay $8.6 million in a settlement with a whistleblower who accused the company of knowingly selling flawed software. James Glenn, the cybersecurity whistleblower employed by a distribution partner of Cisco in Denmark, will receive the majority of the settlement money.
Cisco Systems, Inc. is headquartered in San Jose, California, and develops, manufactures, and sells networking hardware, telecommunications equipment, and other high-technology services and products. The company considers itself a worldwide leader in IT, networking, and cybersecurity solutions and claims to help companies of all sizes connect, communicate, and collaborate.
According to the whistleblower, the firm was selling surveillance software to government agencies that it knew contained bugs that put sensitive information at risk.
Glenn claimed that Cisco’s Video Surveillance Manager, which is a centralized video surveillance system, exposed government systems to unauthorized access and manipulation of information. The lawsuit accused the company of selling the software to the DHS, the Secret Service, FEMA, and four branches of the US military.
Software Exposed Data and Created Security Risks
While employed, Glenn sent several detailed reports to Cisco explaining what he thought were problems with the software. According to him, the program enabled anyone who had a “moderate grasp of network security” to exploit it and gain access to information. It also made it possible for hackers to bypass security and gain access to networks.
But despite his reports, Glenn was ignored and the company continued to sell its products to government agencies without any warnings or improvements.
After several attempts to have his concerns addressed, Glenn filed the whistleblower lawsuit under the False Claims Act. The law allows individuals to report any instances of fraud or wrongdoing related to federal government contracts and programs and possibly benefit financially if their claims are proven true.
Plaintiff Calling on Tech Industry to Do the Right Thing
Glenn believes this is a message to all who work in tech.
Following the settlement, he issued the following statement: “The tech industry needs to fulfill its professional responsibility to protect the public from their products and services. There’s a culture that tends to prioritize profit and reputation over doing what’s right. I hope coming forward with my experience causes others in the tech community to think about their ethical mandate.”
Glenn’s lawyer echoed his sentiments, stating, “Citizens depend on the tech industry to keep our data secure and every data breach we read about shakes our confidence.”
The case was the first time the government used information from a whistleblower to hold a major contractor accountable for their actions.