August 4, 2019
North Carolina Attorney General Josh Stein Thursday reached a $6 million multi-state settlement with Cisco Systems Inc. over security surveillance system software that Cisco sold to North Carolina, other states, and the federal government. The software contained flaws that would have permitted unauthorized system access. North Carolina will receive $522,257.36 of the settlement.
“Companies have a responsibility to safeguard their systems and fix flaws they uncover,” said Attorney General Josh Stein. “Cisco failed to address known flaws in its software and put sensitive surveillance data at risk of being hacked. My office will continue to hold companies accountable when they don’t work to protect their products and data.”
A coalition of states, including North Carolina, began investigating Cisco after a former Cisco employee came forward as a whistleblower and filed an action under the federal False Claims Act and state whistleblower acts. The whistleblower alleged that in 2009 Cisco had discovered security flaws in software, designed to control security camera systems, that it sold to the states and the federal government. The flaws would permit unauthorized access to the system, with the potential to control and otherwise manipulate security cameras and the recorded footage.
Cisco failed to report or remedy these flaws until 2013, after the investigation had begun. The joint investigation uncovered no evidence that a hack or any unauthorized access of security surveillance systems ever took place, and the software has been discontinued.
Attorney General Stein is joined in reaching this settlement by the Attorneys General of New York, California, Delaware, Florida, Hawaii, Illinois, Indiana, Massachusetts, Minnesota, Montana, Nevada, New Hampshire, New Jersey, New Mexico, Rhode Island, Tennessee, Virginia, and the District of Columbia.