Particle.news

Download on the App Store

Cisco Discloses Vishing Attack Exposing Cisco.com User Profiles

Cisco is bolstering security controls during its investigation into the vishing-induced CRM breach.

HOSPITALET DE LLOBREGAT, BARCELONA, SPAIN - 2023/02/27: The CISCO brand logo during the Mobile World Congress Barcelona 2023. Mobile World Congress (MWC) Barcelona 2023 is the largest and most influential event in Spain, where technology, community, and commerce converge. In 2023, MWC aims to bring together 80,000 people and generate an economic impact of about 350 million in the city. (Photo by Ramon Costa/SOPA Images/LightRocket via Getty Images)
Cisco hacked
Image
Cisco data breach exploited employee via vishing call

Overview

  • A July 24 voice phishing call tricked a Cisco representative into granting an attacker access to a third-party cloud-based CRM system.
  • Threat actors exfiltrated names, organization names, addresses, Cisco-assigned user IDs, email addresses, phone numbers and account metadata from Cisco.com user profiles.
  • Cisco confirmed that no passwords, proprietary customer data or other CRM instances and products were compromised.
  • Upon discovery, the company revoked the actor’s access, notified data protection authorities and impacted users and launched a comprehensive investigation.
  • The full number of affected accounts and any ransom demands remain under review as Cisco implements enhanced security measures.