Have a Claim?

Click here for a confidential contact or call:


Cisco Whistleblower Represented by Constantine Cannon Wins First-Ever False Claims Act Settlement for Cybersecurity Fraud

Posted  July 31, 2019

In the first cybersecurity whistleblower case ever successfully litigated under the False Claims Act, Cisco Systems, Inc. has agreed to an $8.6 million settlement to resolve allegations it knowingly sold vulnerable video surveillance software to federal, state and local government agencies, exposing government systems to the risk of unauthorized access and the manipulation of vital information.

This qui tam settlement resolves claims from Cisco’s sale of defective video surveillance software arising under both the federal False Claims Act and the state False Claims Acts of 15 plaintiff states and the District of Columbia. State and local entities are allocated 70%, or $6 million, of the settlement.  The whistleblower will receive a whistleblower award equal to 20% of the total.

The whistleblower, James Glenn, worked in Europe for a Cisco distribution partner when he first discovered critical security vulnerabilities in Cisco’s Video Surveillance Manager (VSM), a bundled, centralized video surveillance system.  In 2008, he submitted detailed reports to Cisco using their incident reporting system.  According to Glenn, these reports revealed that anyone with a moderate grasp of network security could exploit this software to gain unauthorized access to stored data, bypass physical security systems, and potentially gain “administrative” access to the entire network of a government agency, all without detection.

The security vulnerabilities reported by Glenn meant that the VSM did not comply with the Federal Acquisition Regulation and other applicable procurement standards, including state standards, which require government information technology contractors to comply with basic cybersecurity controls.  These cybersecurity standards include those set forth by the National Institute of Standards and Technology.

Despite the repeated internal warnings of VSM’s flaws, Cisco allegedly continued to sell the vulnerable software to high-profile infrastructure targets and government entities, including the Department of Homeland Security, the Secret Service, the Army, the Navy, the Air Force, the Marine Corps and the Federal Emergency Management Agency.

The whistleblower filed an action under the False Claims Act, which permits individuals to report fraud and misconduct in federal government contracts and programs by filing a qui tam lawsuit on the government’s behalf, and provides for financial rewards to whistleblowers based on recovery by the government.

“The tech industry needs to fulfill its professional responsibility to protect the public from their products and services,” said Mr. Glenn. “There’s this culture that tends to prioritize profit and reputation over doing what’s right. I hope coming forward with my experience causes others in the tech community to think about their ethical mandate.”

Mr. Glenn was represented by the Constantine Cannon LLP whistleblower team and its attorneys Anne Hayes Hartman, Michael Ronickher, and Hamsa Mahendranathan, as well as by co-counsel at Phillips & Cohen LLP.  Brian Melber at Personius Melber LLP served as local counsel.

Mary Inman, a partner who launched Constantine Cannon’s international whistleblower practice in London in 2017 said: “As business is increasingly conducted on a global scale, it is terrific to see that the fight against fraud on American taxpayers is also going global.  Mr. Glenn, who worked in Denmark at NetDesign, a Cisco subcontractor, is part of a growing army of international whistleblowers who are being mobilized as citizen watchdogs to be the eyes and ears of U.S. authorities abroad.”

Read more:

Tagged in: CC Lawyers, Contract Non-Compliance, Cybersecurity and Data Breaches, FCA Federal, FCA State, Government Procurement Fraud, International Whistleblowers, Whistleblower Case, Whistleblower Rewards,