Cisco Customers Targeted in Voice Phishing Attack

Cisco.com User Data Breach: Details Emerge

A security incident at Cisco resulted in the compromise of personal data belonging to users of Cisco.com, the company revealed on Tuesday.

The breach stemmed from a sophisticated social engineering attack, specifically a voice phishing, or “vishing,” scheme. This allowed a malicious actor to deceive a Cisco employee and gain unauthorized access to sensitive systems.

How the Breach Occurred

Cisco identified the intrusion on July 24th. Investigations revealed that hackers successfully accessed and exported a portion of fundamental profile data.

This data was housed within a cloud-based CRM system managed by a third-party provider. The incident highlights the risks associated with supply chain vulnerabilities.

Information Compromised

The stolen information encompassed a range of personally identifiable details. This included customer name, organization name, and address.

Additionally, compromised data featured Cisco-assigned user IDs, email addresses, phone numbers, and metadata pertaining to user accounts. This metadata included the date of account creation.

Scope of the Impact

Currently, Cisco has not disclosed the precise number of Cisco.com users affected by this data breach.

Requests for clarification regarding the scale of the incident sent to Cisco spokesperson Carro Halpin have not yet been answered.

Connection to Wider Salesforce Attacks

This incident appears to be part of a growing trend of attacks targeting companies utilizing Salesforce.

Recent victims include prominent organizations such as Allianz Life, Tiffany and Co., and Qantas. These breaches suggest a potential vulnerability within the Salesforce ecosystem.

As a known Salesforce customer, Cisco’s incident adds to the concerns surrounding the security of data stored within these platforms.

This report has been updated to reflect a statement received from Cisco.