US-based networking giant Cisco has reported falling victim to a vishing attack, a type of social engineering scam where attackers use voice calls to trick people into giving up sensitive information
In a statement, the company says on 24 July, Cisco was made aware of an incident involving a bad actor targeting a Cisco representative through a voice phishing attack, also known as vishing.
As a result, the actor was able to access and export a subset of basic profile information from one instance of a third-party, cloud-based customer relationship management (CRM) system that Cisco uses, it explains.
According to the company, upon learning of the incident, the actor’s access to that CRM system instance was immediately terminated and Cisco commenced an investigation.
“Our investigation has determined that the exported data primarily consisted of basic account profile information of individuals who registered for a user account on Cisco.com (name, organisation name, address, Cisco assigned user ID, e-mail address, phone number, and account-related metadata – such as creation date).
According to Cisco, the actor did not obtain any of its organisational customers’ confidential or proprietary information, or any passwords or other types of sensitive information.
Cisco did not identify any impact to our products or services, and no other Cisco CRM instances were affected, it adds.
Cisco notes that it has engaged with data protection authorities and notified affected users where required by law.
“Every cyber security incident is an opportunity to learn, strengthen our resilience, and help the wider security community. We are implementing further security measures to mitigate the risk of similar incidents occurring in the future, including re-educating personnel on how to identify and protect against potential vishing attacks.
“We apologise for any inconvenience or concern that this incident may have caused. Customers and partners with additional questions are encouraged to contact their account teams.”
Share