Attorney General James Secures $6 Million From Cisco Systems In Multistate Settlement

Attorney General James Secures $6 Million From Cisco Systems In Multistate Settlement 
 

Whistleblower Came Forward to Expose

Security Camera Software Vulnerable to Hackers

NEW YORK – Attorney General Letitia James today announced she has led a coalition of 19 Attorneys General in settling a multistate lawsuit against Cisco Systems, Inc. concerning security surveillance system software sold to New York, a collection of other states, and the federal government. A whistleblower came forward under the False Claims Act to assert that Cisco’s software had major flaws rendering the system vulnerable to hackers, and that despite learning of the exposure, Cisco failed to report or remedy this security flaw for several years.

“Security camera software must be secure — it’s that simple,” said Attorney General Letitia James. “Cisco’s failure to keep their software safe could have endangered the safety of New Yorkers across our state. We are holding the company accountable and will ensure that software manufacturers dealing with our state not only have the most secure software possible, but diligently report and repair any flaws they learn about. This is about our security, privacy, and protection.”

In 2009, according to the action, Cisco discovered security flaws in a software product designed to control security camera systems sold to New York, multiple other states, and the federal government, but the company failed to report or remedy these flaws until 2013, and only after commencement of the investigation of the action.

The now-discontinued software contained flaws that would permit unauthorized access to the system, with the potential to control and otherwise manipulate security cameras and the recorded footage. 

The investigation began after New York State — and the additional parties involved in the settlement — received information from a former Cisco employee who came forward as a whistleblower and filed an action under the federal False Claims Act, the New York False Claims Act, and whistleblower acts of the other states involved. The joint investigation uncovered no evidence that a hack or any unauthorized access of security surveillance systems ever took place.

The $6 million fine will be distributed among the plaintiff states, with a share for the whistleblower. The New York False Claims Act allows private persons to file civil actions on behalf of the government, and to share in any recovery. New York will receive approximately $1.3 million of the total settlement payment.

The New York State Attorney General’s Office conducted this investigation in coordination with the States of California, Delaware, Florida, Hawaii, Illinois, Indiana, Massachusetts, Minnesota, Montana, Nevada, New Hampshire, New Jersey, New Mexico, North Carolina, Rhode Island, Tennessee, Virginia, and the District of Columbia.

The New York Attorney General’s investigation of Cisco Systems was led by Thomas Teige Carroll, Chief of the Taxpayer Protection Bureau, with the aid of paralegal Emily O’Leary. The Bureau is a unit of the Economic Justice Division, which is headed by Chief Deputy Attorney General for Economic Justice Christopher D’Angelo.