Cisco Reports Data Breach Affecting User Accounts on Cisco.com

Cisco has disclosed that cybercriminals stole basic profile information of users registered on Cisco.com following a voice phishing (vishing) attack targeting a company representative. After becoming aware of the incident on July 24th, the networking equipment giant discovered that the attacker had tricked an employee into gaining access to a third-party cloud-based Customer Relationship Management (CRM) system used by Cisco. This breach allowed the threat actor to steal personal and user information of individuals with Cisco.com accounts, including names, organisation names, addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account metadata such as creation dates. However, the company stated that the attacker did not obtain “organisational customers’ confidential or proprietary information, or any passwords or other types of sensitive information.” Cisco added that the incident did not impact its products or services, and no other Cisco CRM system instances were affected.

Upon learning of the incident, Cisco immediately terminated the actor’s access to the CRM system instance and commenced an investigation. The company has engaged with data protection authorities and notified affected users where required by law. To mitigate the risk of similar incidents in the future, Cisco is implementing further security measures, including re-educating personnel on identifying and protecting against potential vishing attacks. Cisco has yet to disclose how many individuals had their personal and user account information stolen in the incident or whether the attackers requested a ransom in exchange for not leaking the stolen data online. In October, Cisco also had to take its public DevHub portal offline after a threat actor known as IntelBroker leaked “non-public” data on the BreachForums hacking forum.