Cisco Discloses Data Breach Impacting Cisco.com User Accounts
Reputable networking equipment giant, Cisco, has revealed a significant data breach that compromised the personal and user information of individuals registered on Cisco.com. The incident occurred following a voice phishing (vishing) attack that targeted a company representative, allowing cybercriminals to gain unauthorized access to a third-party cloud-based Customer Relationship Management (CRM) system used by Cisco.
After discovering the breach on July 24th, Cisco took immediate action to contain the damage. The attacker tricked an employee and gained access to the CRM system, enabling them to steal sensitive information such as names, organization names, addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account metadata like creation dates.
However, it is worth noting that the company has confirmed that the attacker did not obtain "organizational customers' confidential or proprietary information" or any passwords or other types of sensitive information. This means that the stolen data was limited to basic profile information, which may provide some relief for affected users.
The Impact on Cisco's Products and Services
Cisco has reassured users that the incident did not impact its products or services. The company also confirmed that no other Cisco CRM system instances were affected by the breach.
Upon learning of the incident, the attacker's access to the CRM system instance was immediately terminated, and Cisco commenced an investigation into the matter. The company has engaged with data protection authorities and notified affected users where required by law.
Preventative Measures and Future Mitigation
Cisco has implemented further security measures to mitigate the risk of similar incidents occurring in the future. This includes re-educating personnel on how to identify and protect against potential vishing attacks.
The Larger Context: Salesforce Data Breach Attacks
While Cisco's breach is significant, it is part of a larger wave of Salesforce data theft attacks using vishing and social engineering techniques. Other high-profile companies have been impacted by these breaches, including Adidas, Qantas, Allianz Life, LVMH brands Louis Vuitton, Dior, and Tiffany & Co., as well as fashion giant Chanel.
A Cisco spokesperson was not immediately available to provide further details on the number of affected individuals or confirm whether the data was stolen from a compromised Salesforce instance. However, it is likely that the breach was linked to an ongoing wave of attacks attributed to the ShinyHunters extortion group.
Previous Incidents and Lessons Learned
In October, Cisco took its public DevHub portal offline after a threat actor known as IntelBroker leaked "non-public" data on the BreachForums hacking forum. One month later, the company confirmed that the threat actor downloaded the files from a misconfigured public-facing DevHub portal, including some belonging to CX Professional Services customers.
This incident highlights the importance of robust security measures and employee education in preventing similar breaches in the future. As companies continue to navigate the evolving landscape of cyber threats, it is crucial for organizations to prioritize data protection and employee awareness programs.