FCA whistleblower’s alerting of cybersecurity flaws yields recovery

The details that have emerged recently concerning security flaws in video surveillance software are unquestionably sobering. Arguably, they pertain to a U.S. False Claims Act whistleblower case that seems of heightened seriousness in a universe of wrongdoing that is already marked by an elevated level of misconduct.

James Glenn is a computer expert once employed by the global technology company Cisco Systems Inc. Glenn reportedly discovered what one national news reports notes were “critical security flaws” in the company’s video surveillance software back in 2008.

He promptly alerted Cisco principals to the problem, believing that the company would be duly appreciative of his sharp eye and follow through.

It wasn’t. He was fired.

That turned out to be a big deal. Glenn subsequently filed a qui tam whistleblower lawsuit pursuant to the U.S. False Claims Act on behalf of the government in 2011. Notably, Cisco kept quiet about the software shortcomings for years, failing to issue a security alert concerning “multiple security vulnerabilities” until 2013.

The frightening extent of those vulnerabilities came to light just recently, with the unsealing of Glenn’s lawsuit and the announcement that regulators had reached an $8.6 million settlement with Cisco. Reportedly, bugs in the software could have resulted in sophisticated hackers being able to penetrate security stems at airports and key federal departments and agencies, including NASA, the Department of Defense and the Secret Service.

Cisco acknowledges the possibility, but claims that no breach ever occurred.