RICHMOND, Va. — Virginia's Attorney General Mark Herring on Thursday joined 19 other attorney generals in settling a multistate lawsuit against Cisco Systems, Inc. concerning security surveillance system software sold to Virginia, a collection of other states, and the federal government.
Someone came forward under the federal False Claims Act to inform officials that Cisco’s software had major flaws rendering the system vulnerable to hackers. Despite learning of the exposure, Cisco failed to report or remedy this security flaw for several years.
In the settlement, Virginia will receive approximately $546,000 of the total payment.
“It is inexcusable that Cisco was aware of the security flaws in its software for years, yet failed to do anything about it,” said Attorney General Herring. “These security flaws opened our surveillance systems up to hackers and could have put Virginians at risk. My team and I will continue to hold manufacturers accountable and make sure they know that they must report and repair any flaws that they find or they will have to deal with the consequences.”
According to the action, in 2009 Cisco discovered security flaws in a software product designed to control security camera systems sold to Virginia, multiple other states, and the federal government, but the company failed to report or remedy these flaws until 2013, and only after the commencement of the investigation of the action.
The now-discontinued software contained flaws that would permit unauthorized access to the system, with the potential to control and otherwise manipulate security cameras and the recorded footage.
Attorney General Herring and his team conducted this investigation in coordination with the States of California, Delaware, Florida, Hawaii, Illinois, Indiana, Massachusetts, Minnesota, Montana, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, Rhode Island, Tennessee, and the District of Columbia.