Cisco denies data breach exposed sensitive personal data


While Cisco admitted that some of the leaked data was not meant for the public eye, the company claims that none of its internal systems were penetrated in the recent attack.

The US tech multinational’s investigation into the breach revealed that attackers accessed the company’s resource center, supporting customer-facing software, and not its internal systems.

“We have determined that the data in question is on a public-facing DevHub environment – a Cisco resource center that enables us to support our community by making available software code, scripts, etc., for customers to use as needed,” the company said in an updated incident report.

ADVERTISEMENT

Cisco stressed that there is no indication that any of its internal systems were breached. However, the company admitted that a “small number of files” that were not supposed to be publicly available “may have been published.”

The American multinational said that its investigators had not observed any confidential data taken from it. In a statement published on October 18th, Cisco disabled public access to the DevHub site until the incident investigation was complete.

On the same day, IntelBroker, the attacker behind the alleged attack, said that Cisco “finally revoked” his access to the company’s files. Two days after he published the attack, IntelBroker posted a message on X asking why he still has access if the company is aware of the attack.

Last week, the attacker announced that they stole massive amounts of data from Cisco, including the company’s business customer data. The hacker’s post on a data leak forum indicated that hundreds of organizations, including the likes of Amazon, Samsung, Disney, Apple, IBM, and the US military have allegedly been impacted.


ADVERTISEMENT