Particle.news

Download on the App Store

Cisco Discloses Vishing Attack Exposing Cisco.com User Profiles

Cisco is bolstering security controls during its investigation into the vishing-induced CRM breach.

Overview

  • A July 24 voice phishing call tricked a Cisco representative into granting an attacker access to a third-party cloud-based CRM system.
  • Threat actors exfiltrated names, organization names, addresses, Cisco-assigned user IDs, email addresses, phone numbers and account metadata from Cisco.com user profiles.
  • Cisco confirmed that no passwords, proprietary customer data or other CRM instances and products were compromised.
  • Upon discovery, the company revoked the actor’s access, notified data protection authorities and impacted users and launched a comprehensive investigation.
  • The full number of affected accounts and any ransom demands remain under review as Cisco implements enhanced security measures.