IT giant Cisco, which makes networking hardware, software, and telecommunications equipment, recently faced a major data breach, the company disclosed on Friday.
A Cisco representative fell victim to a voice phishing or “vishing” attack, when a caller pretends to be a legitimate individual or organization, and tricked the employee over the phone to obtain the personal information of Cisco.com users.
The bad actor was able to access and export a subsection of profile information from Cisco’s cloud customer management system. They stole data from individuals who had registered for a Cisco.com account, including customer names, organization names, addresses, email addresses, and phone numbers.
Cisco discovered the breach on July 24. The company stated that the data breach did not affect passwords or impact any of its products or services. It added that it notified affected customers where required by law and talked to data protection authorities.
“We are implementing further security measures to mitigate the risk of similar incidents occurring in the future, including re-educating personnel on how to identify and protect against potential vishing attacks,” Cisco stated in the disclosure.
Cisco declined to provide details of the breach to TechCrunch, including how many users were impacted by it. The company has more than 300,000 global customers. Cisco had a market value of $268 billion at the time of writing, with its stock up over 14% year-to-date.
Related: AT&T Customers Are Eligible for Up to $5,000 in a New Settlement. Here’s What to Know.
Cisco uses Salesforce to manage customer relationship data, and this incident was one in a series of recent attacks that impacted Salesforce customers. For example, U.S. insurance company Allianz Life uncovered a data breach last month that exposed the personally identifiable information of the majority of its 1.4 million customers, including addresses, dates of birth, and Social Security numbers.
Two of the company’s customers, Cheryl Marotta and David Werner, filed a class action lawsuit on Tuesday related to the breach, alleging that Allianz failed to safeguard their personal information because the data was unencrypted and stored in one database.
Another company, Australian airline giant Qantas, also underwent a data breach on June 30, which impacted the personal information of more than six million customers. The bad actor called one of the company’s call centers and used the call to steal information like names, phone numbers, and dates of birth.
Join top CEOs, founders and operators at the Level Up conference to unlock strategies for scaling your business, boosting revenue and building sustainable success.