Cybercriminals have stolen data from a CRM from the Cisco network equipment supplier. The hackers obtained this data via a visiting attack targeting an employee.
Cisco announces a data leak linked to an incident that could potentially have compromised user information who has created an account on the cisco.com site. According to the press release, a malicious actor has managed to access a cloud body of a customer relations management system (CRM) of a third party used by the network supplier. The criminals stole some of the basic profile information.
Cisco specifies that copied data include names of people, businesses and users, postal addresses and e-mails, telephone numbers and metadata linked to accounts, as their creation date. The group ensures that no sensitive information, passwords or confidential data from professional customers has been compromised and specifies that “no impact on our products or services and no other CISCO body has been assigned”.
According to the press release, criminals have obtained access to customer data thanks to a vocal phishing attack (VISHING) targeting an employee. As soon as the incident was discovered, access was immediately blocked for the malicious author and the competent authorities as well as the users concerned were informed, in accordance with the law.
Cisco stresses that each security incident is an opportunity to progress. “We are implementing additional security measures to minimize the risk of such incidents in the future, including continuing staff training on the detection and prevention of potential visiting attacks,” promises the company.
