Cisco experienced a voice phishing attack that allowed attackers to download basic account profile information from a third-party customer relationship management system. The compromised data included names, organization names, addresses, user IDs, email addresses, phone numbers, and account creation dates. Cisco confirmed that no confidential information, passwords, or other sensitive data were exposed during this breach. Investigators found no indications of other CRM instances being compromised or any impact on Cisco's products or services. Voice phishing has become a favored tactic among various threat actors to infiltrate even highly secure organizations.
Cisco's investigation revealed that a voice phishing attack compromised a representative, resulting in the downloading of basic account profile information of users from a third-party CRM.
Exported data primarily consisted of names, organization names, addresses, Cisco assigned user IDs, email addresses, phone numbers, and account-related metadata such as creation date.
The breach did not expose confidential or proprietary information, password data, or other sensitive information, and no evidence suggested compromise to other CRM instances.
Phishing attacks, especially through voice calls, have become a prevalent method for threat actors to breach well-protected organizations, including Microsoft and Twilio.
Collection
[
|
...
]