Have a Claim?

Click here for a confidential contact or call:


Constantine Cannon Client’s Historic False Claims Act Settlement Against Cisco for Cybersecurity Fraud Makes Headlines

Posted  August 9, 2019

If you’ve ever seen a heist movie, you likely know the scene. The technology-savvy member of a motley crew of criminals is huddled in a van or in a secret lair, surrounded by monitors. After a tense few minutes of maniacal typing, he or she yells “I’m in!” and hacks into the video surveillance system of the target hotel/casino/museum. In an instant, the cameras switch off or go to a pre-taped reel, and the conman and loyal sidekicks spring into action, undetected. Without a whistleblower’s discovery of critical vulnerabilities in a video surveillance system used worldwide, this classic film trope could have become a reality.

In November 2008, James Glenn was working in Denmark at a distribution partner company of Cisco, the technological company based out of Silicon Valley, when he discovered critical flaws in the software made for a line of Cisco surveillance cameras that made it easy to access and gain control of the entire network of surveillance systems within an agency. Despite Glenn’s multiple attempts to report the problems to Cisco, the technology company continued to sell the video software worldwide, including to airports, schools, and prisons. Cisco’s other clients included the U.S. Army, Navy, Air Force, and Marine Corps, as well as government agencies in 15 other states.

With Constantine Cannon LLP’s help, along with Phillips & Cohen LLP and Personius Melber LLP serving as co-counsel, Glenn eventually filed a complaint against Cisco for violations of the False Claims Act. On July 31, 2019, Cisco agreed to pay $8.6 million to the federal and state governments to resolve these allegations, the first ever FCA litigation for cybersecurity fraud.

The settlement was picked up by several media outlets. At the New York Times, Katie Benner and Kate Conger reported on the FCA suit as well as on the ramping up of federal enforcement actions (especially by the FTC) against cybersecurity and “internet of things” companies.

Over at the Washington Post, Joseph Marks, a reporter for the paper’s Cybersecurity newsletter, let Constantine Cannon Partner Michael Ronickher and Associate Hamsa Mahendranathan explain the significance of the lawsuit and the risks that government agencies incurred, regardless of whether any major breaches resulted from the system’s vulnerabilities.

Constantine Cannon Partner Mary Inman was also quoted extensively on the increasing relevance of whistleblowers in the tech industry and the importance of encouraging them to come forward, both nationally and internationally.

Reuters highlighted that Cisco’s video surveillance system was used by Los Angeles International Airport, the Washington D.C. police, and the New York City public transit system, among many other government agencies, as noted by Constantine Cannon Partner Anne Hartman.

In an article titled “Whistleblower vindicated in Cisco cybersecurity case,” AP spoke to James Glenn over the phone, who characterized his persistence and the ultimate resolution as a “pretty decent accomplishment.”

Kate Fazzini at CNBC noted that though the settlement is “relatively small, it’s a case that many companies will be watching closely as they navigate the hundreds or thousands of vulnerability reports they receive from outside researchers each month… .”

Several technology websites highlighted the settlement, including Carrie Mihalcik at CNET and Robert Lemos at DarkReading, a news site dedicated to cybersecurity.

Further coverage of the precedent-setting settlement is expected in the coming weeks.

To read Constantine Cannon’s press release on the Cisco settlement, click here.

Read more:

Tagged in: CC Lawyers, Contract Non-Compliance, Cybersecurity and Data Breaches, FCA Federal, FCA State, Government Procurement Fraud, International Whistleblowers, Whistleblower Case, Whistleblower Rewards,