Cisco Says Voice Phishing Breach Exposed Basic Data of Cisco.com Users

Cisco Systems said a cyber-criminal obtained limited customer information after duping a company representative in a voice phishing, or “vishing,” call. The breach, discovered on 24 July, allowed the attacker to export basic profile details from one instance of a third-party cloud-based customer-relationship-management platform used for Cisco.com accounts. Stolen data include customer names, organisation names, physical addresses, email addresses, phone numbers, Cisco-assigned user IDs and related account metadata. Cisco stressed that no passwords, confidential customer material, proprietary information or core products and services were compromised, and that the intruder’s access was terminated immediately. The networking company has notified regulators and impacted users and is bolstering defences by adding security controls and retraining staff to spot vishing attempts. Cisco did not disclose how many users were affected.