Cisco has disclosed a data breach impacting a third-party customer relationship management (CRM) system.
The incident came to light on July 24, when Cisco learned that one of its representatives had been targeted in a vishing attack. The threat actor had managed to access and steal a “subset of basic profile information” from an instance of a third-party CRM system used by Cisco.
The networking giant immediately took steps to terminate the hacker’s access to the CRM system. An investigation determined that the attacker obtained information provided by individuals who registered an account on Cisco.com.
The compromised information includes name, email address, phone number, organization name, address, a Cisco-assigned user ID, and metadata related to the account (eg, account creation date).
Cisco said the hacker did not obtain any confidential or proprietary information belonging to its organizational customers. Passwords or other types of sensitive data were also not affected.
“Cisco did not identify any impact to our products or services, and no other Cisco CRM instances were affected,” Cisco said.
Impacted users have been notified, as well as data protection authorities.
“Every cybersecurity incident is an opportunity to learn, strengthen our resilience, and help the wider security community,” Cisco said. “We are implementing further security measures to mitigate the risk of similar incidents occurring in the future, including re-educating personnel on how to identify and protect against potential vishing attacks.”
This is not the only data breach suffered by Cisco recently. In December 2024, the notorious hacker IntelBroker leaked gigabytes of files, including source code, scripts, digital certificates, and configuration files pertaining to Cisco products.
Cisco confirmed the data was authentic, but said its systems had not been breached — the data was taken from a public-facing DevHub environment that served as a resource center for customers. While much of the data from this DevHub instance had already been public, some of the stolen files were not supposed to be public.
Related: Cost of Data Breach in US Rises to $10.22 Million, Says Latest IBM Report
Related: Tea App Takes Messaging System Offline After Second Security Issue Reported
Related: NASCAR Confirms Personal Information Stolen in Ransomware Attack
