Cisco Discloses Data Breach Exposed User Profiles from Cisco.com
Cisco Systems has disclosed a data breach that compromised basic profile information of users registered on Cisco.com following a successful voice phishing attack targeting one of the company’s representatives.
The incident resulted in unauthorized access to a third-party cloud-based Customer Relationship Management (CRM) system used by the networking giant.
The breach occurred when a malicious actor carried out a vishing attack against a Cisco employee, ultimately gaining access to the CRM instance and exporting a subset of user data from it.
According to Cisco’s official disclosure, the exported information primarily consisted of basic account profile details including names, organization names, addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account metadata such as creation dates.
Upon discovering the incident, Cisco immediately terminated the threat actor’s access to the affected CRM system and launched a comprehensive investigation.
The company emphasized that the breach was limited in scope, stating that “the actor did not obtain any of our organizational customers’ confidential or proprietary information, or any passwords or other types of sensitive information.”
Cisco confirmed that no other CRM instances were compromised during the attack, and the incident did not impact the company’s products or services.
The breach appears to have been contained to a single instance of the third-party CRM platform, limiting the potential damage to user data.
Following standard data breach protocols, Cisco has engaged with relevant data protection authorities and begun notifying affected users as required by applicable laws.
The company has not disclosed the exact number of users impacted by the breach, though it appears to affect individuals who had registered accounts on the Cisco.com platform.
In response to the incident, Cisco is implementing additional security measures designed to prevent similar attacks in the future.
The company specifically highlighted plans to re-educate personnel on identifying and defending against vishing attacks, recognizing the human element as a critical vulnerability in cybersecurity defense.
“Every cybersecurity incident is an opportunity to learn, strengthen our resilience, and help the wider security community,” Cisco stated in its disclosure, emphasizing the company’s commitment to transparency and continuous improvement in security practices.
This incident highlights the growing threat of social engineering attacks, particularly vishing, which combines traditional phishing techniques with voice communication to manipulate targets.
The attack demonstrates how cybercriminals are increasingly targeting employees directly rather than relying solely on technical vulnerabilities.
Cisco has apologized for any inconvenience caused by the incident and encouraged customers and partners with questions to contact their designated account teams for additional information and support.