Cisco has revealed a recent data breach, in which a cybercriminal successfully tricked a company representative into granting access to a third-party database. The attack has been identified as a voice phishing or “vishing” scheme, and has led to the theft of basic profile information for users registered on Cisco.com. The networking giant stated that the hackers accessed and exported a subset of user data. The company did not specify the number of people affected.
Upon learning of the incident on July 24th, the networking equipment giant discovered that the attacker tricked an employee and gained access to a third-party cloud-based Customer Relationship Management (CRM) system used by Cisco.
This allowed the threat actor to steal the personal and user information of individuals with Cisco.com user accounts, including names, organization names, addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account metadata such as creation dates.
"We are implementing further security measures to mitigate the risk of similar incidents occurring in the future, including re-educating personnel on how to identify and protect against potential vishing attacks."
"After becoming aware of the incident, the actor's access to that CRM system instance was immediately terminated and Cisco commenced an investigation. Cisco has engaged with data protection authorities and notified affected users where required by law," the company said.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
