(INDIANAPOLIS) – Attorney General Curtis Hill today joined a coalition of 19 attorneys general in settling a multistate lawsuit against Cisco Systems Inc. involving deficient security surveillance system software sold to Indiana, other states and the federal government.
This case started when a whistleblower came forward under the False Claims Act to assert that Cisco’s software contained major flaws rendering the system vulnerable to hackers. Despite learning of these issues, the whistleblower stated, Cisco failed to report or remedy this security flaw for several years.
“My office works diligently to protect Hoosier consumers from corporate irresponsibility,” Attorney General Hill said. “Settlements such as this one help ensure that companies are held accountable for their actions. I’m grateful for the collaboration of our state partners in bringing about this positive result.”
In 2009, Cisco allegedly discovered security flaws in a software product designed to control security camera systems but failed to report or remedy these flaws until 2013 — after an investigation had already begun. The now-discontinued software contained flaws that would permit unauthorized access to the system and potentially allow unauthorized control and manipulation of security cameras and recorded footage.
The investigation began after parties involved in the settlement received information from a former Cisco employee who came forward as a whistleblower and filed an action under the federal False Claims Act and whistleblower acts of the multiple states involved. The joint investigation uncovered no evidence that a hack or any unauthorized access of security surveillance systems ever took place.
The $6 million fine will be distributed among the plaintiff states with a share also going to the whistleblower. Indiana will receive $111,727.20 of the total settlement payment.