Cisco agrees to pay $8.6 million, settles 2011 security dispute

cisco cybersecurity flaw settlement

Cisco has finally settled with the federal, state and local agencies for an old case that involved a cybersecurity flaw. The case came to public focus first in 2011.

Back in 2008, a Denmark-based employee of Cisco’s partner Net Design, James Glenn, alerted Cisco of a flaw in its software which was used in many of the company’s surveillance cameras. The flaw in the company’s proprietary surveillance camera software could have allowed an attacker to access the systems running devices. The attackers could have further exploited the flaw to gain deeper access into the systems.

Glenn notified Cisco of the flaw through the company’s online form for reporting such vulnerabilities. But he was unsuccessful in reaching anyone. Glenn later discovered that the unfixed cameras were being still used at the Los Angeles International Airport. In 2010, he notified the authorities of the issue. According to Glenn’s attorney’s, the networking giant did not fix the flaw until a new version of the software was released in 2012.

These cameras had been used by a wide range of federal government entities, military and more. The lawsuit against the company has been ongoing since 2011. But Cisco has agreed to $8.6 million settlement to put an end to the dispute now. The proceeds from the dispute are going mostly to the federal government and 15 state buyers. And the whistleblower, James Glenn, will receive more than $1 million out of the settlement.