Cisco discloses data breach impacting Cisco.com user accounts

Cisco has disclosed that cybercriminals stole the basic profile information of users registered on Cisco.com following a voice phishing (vishing) attack that targeted a company representative.

After becoming aware of the incident on July 24th, the networking equipment giant discovered that the attacker tricked an employee and gained access to a third-party cloud-based Customer Relationship Management (CRM) system used by Cisco.

This allowed the threat actor to steal the personal and user information of individuals with Cisco.com user accounts, including names, organization names, addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account metadata such as creation dates.

However, the company said that the attacker didn’t obtain “organizational customers’ confidential or proprietary information, or any passwords or other types of sensitive information.”

Cisco added that the incident didn’t impact its products or services, and no other Cisco CRM system instances were affected.

“Upon learning of the incident, the actor’s access to that CRM system instance was immediately terminated and Cisco commenced an investigation. Cisco has engaged with data protection authorities and notified affected users where required by law,” the company said.

“We are implementing further security measures to mitigate the risk of similar incidents occurring in the future, including re-educating personnel on how to identify and protect against potential vishing attacks.”

Cisco has yet to disclose how many individuals had their personal and user account information stolen in the incident, and whether the attackers requested a ransom in exchange for not leaking the stolen data online.

A Cisco spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.

In October, Cisco also had to take its public DevHub portal offline after a threat actor known as IntelBroker leaked “non-public” data on the BreachForums hacking forum.

One month later, the company confirmed that the threat actor downloaded the files from a misconfigured public-facing DevHub portal, including some belonging to CX Professional Services customers.