BUFFALO, NY, July 31, 2019 – Cisco Systems Inc. has agreed to pay $8.6 million to settle a “qui tam” lawsuit filed by Phillips & Cohen LLP on behalf of a whistleblower client alleging cybersecurity issues with video surveillance systems Cisco sold to the government.
The whistleblower case against Cisco is one of the first, if not the first, False Claims Act cases that has settled involving cybersecurity issues. The whistleblower, a cybersecurity consultant, will receive a reward of up to $1.6 million.
The whistleblower lawsuit, which was filed under seal and not made public until today, alleges Cisco knowingly sold video surveillance systems used by federal and state agencies that could have been easily hacked because of critical software flaws.
“Our client raised important security concerns,” said Claire M. Sylvia, a whistleblower attorney and partner at Phillips & Cohen. “We alleged in our complaint that the software flaws were so severe that they compromised the security of the video surveillance systems and any computer system connected to them.”
Cisco eventually addressed the cybersecurity software problems that the whistleblower identified.
The company will pay $2.6 million to the federal government and up to $6 million to 15 states, certain cities, counties and other political subdivisions within those states, and the District of Columbia, which purchased the product. The states that settled with Cisco are California, Delaware, Florida, Hawaii, Illinois, Indiana, Minnesota, Nevada, New Jersey, New Mexico, New York, North Carolina, Tennessee, Massachusetts and Virginia.
“Many federal and state agencies depended on Cisco’s video surveillance systems to help monitor security at their facilities,” Sylvia said.
The federal settlement covers purchases of Cisco’s internet protocol video surveillance product, known as the “Video Surveillance Manager,” from 2007 to 2014.
“Cybersecurity products are an important piece of government spending these days, and it’s essential that those products comply with critical regulatory and contractual requirements,” Sylvia said. “The tech industry can expect whistleblowers to continue to step forward when serious problems are ignored, thanks to laws that reward and protect them.”
Cybersecurity whistleblower case against Cisco filed in 2011
Phillips & Cohen filed the “qui tam” (whistleblower) lawsuit alleging violations of a federal fraud law, the False Claims Act, and similar state laws on behalf of James Glenn, a former security consultant for a Danish company that is a Cisco partner, in federal district court in Buffalo, NY, in 2011. Constantine Cannon LLP is co-counsel.
The company fired Glenn in 2009 after he submitted a detailed report to Cisco identifying what he believed to be security flaws.
Cisco’s video surveillance system allows for the connection and management of multiple video cameras through a centralized server. This gives the user the ability to coordinate surveillance cameras at many locations.
Cisco marketed the systems directly to government purchasers as particularly suited for their needs. Distributors affiliated with Cisco sold the systems.
“I was very concerned about the possibility that someone might endanger public safety by hacking into government systems,” Glenn said. “I filed the qui tam lawsuit to make the government aware of the problem and to get it fixed. I am glad that Cisco replaced the affected product and that the case has been settled.”
Glenn and his attorneys thanked the government team that diligently pursued this matter. This includes Trial Attorney Linda McMahon of the Department of Justice, Assistant U.S. Attorney Richard Resnick and Investigator Margaret McFarland of the Western District of New York, and the state governments’ team of lawyers led by Taxpayer Protection Bureau Chief Thomas Teige Carroll of the New York State Attorney General’s office.
The federal False Claims Act and similar state statutes allow private citizens to sue companies that are cheating the government and recover funds on the government’s behalf. Whistleblowers are rewarded with 15 percent to 25 percent of the amount recovered when the government joins their lawsuits, and they are protected against job retaliation. In this case, Glenn will receive 20 percent of the recovery.
“Filing a qui tam case can be an effective way to alert the government to cybersecurity problems and other issues with tech products it buys while providing legal recourse against job retaliation and financial rewards for blowing the whistle,” Sylvia said.
Read more about how qui tam cases work.
See the complaint, US et al. ex rel. Glenn v. Cisco Systems Inc., No. 1:11-cv-0400 (W.D. N.Y.)
About Phillips & Cohen
Phillips & Cohen is the nation’s most successful law firm representing whistleblowers. The firm’s cases have helped federal, state and local governments recover more than $12.3 billion in civil settlements and criminal fines. Phillips & Cohen represents whistleblowers in qui tam lawsuits as well as cases brought under the whistleblower programs of the Securities and Exchange Commission, the Commodity Futures Trading Commission and the Internal Revenue Service.