California-based technology manufacturer Cisco Systems Inc. settled with New Jersey and other states for $6 million, resolving allegations that the company sold public entities a security video monitoring system that was vulnerable to hacking.
School districts, universities, and other entities purchased Video Surveillance Manager products to monitor entrances to buildings, bridges, tunnels, schoolyards, parking garages and other facilities.
VSM’s flaws made it accessible to unauthorized users, who could hack not only into individual systems but the broader network a VSM system was deployed on.
A whistleblower lawsuit filed in 2011 prompted the multi-state investigation, which concluded that Cisco became aware of VSM’s vulnerability before 2008 but neglected to remedy the problem until 2013.
“We take cybersecurity seriously here in New Jersey,” said Attorney General Grewal in a statement. “Enforcement actions like the one we are announcing today put companies on notice that if they want to sell their products to New Jersey, they must satisfy the highest standards for cybersecurity.”
New Jersey will receive approximately $143,000 of the settlement.