Cisco Live 2010 attendee list hacked

Someone hacked the list of attendees for the recent Cisco Live 2010 users' conference, a security breach that led Cisco to notify the customers as well as a broader group who have dealings with the company.

Cisco says it won't release details about where the data was stored or how it was breached but sometime last Thursday afternoon a vendor told Cisco that someone had made "an unexpected attempt to access attendee information through ciscolive2010.com," the event Web site.

Interesting Data about Data Breaches

That lead to the general notification that Cisco sent to attendees and others who had been invited but did not attend. According to Cisco, details about less than 20% of those on the list were compromised.

Cisco says the breach was closed quickly, "but not before some conference listings were accessed." The compromised information consisted of Cisco Live badge numbers, names, titles, company addresses and e-mail addresses. "No other information was available or accessed," according to the warning Cisco Live's event team sent via e-mail Thursday.

The same information is accessible to Cisco's World of Solutions partners, vendors that exhibit their technology collaborations with Cisco at public events.

Apparently the unexpected access attempt might have been made by someone who was actually authorized to access it, but Cisco isn't sure. "As we cannot yet confirm the information was accessed by an authorized Cisco Live partner, we encourage you to consider the appropriate precautions to protect against any unwanted email," the warning reads.

Others besides those who attended the conference also received the notification e-mail from the Cisco Live 2010 staff, including Network World blogger Larry Chaffin, who raises questions about implications of the breach.

Cisco says it has taken measures to lock down the data and has no more to say about it. "Due to security and privacy considerations, we do not plan to release additional details," a Cisco spokeswoman wrote in response to e-mailed questions about the data breach.

In general, if certain categories of data are compromised, businesses responsible for the integrity of the data must by law notify the people whose data was exposed. Cisco says this was not the case here. "No, we were not required to do so but felt it was our responsibility to inform impacted attendees as quickly as possible," the spokeswoman wrote in response to an e-mailed question.

This is the text of the notice Cisco sent to the Cisco Live 2010 attendee list and those who were invited but did not attend:

"We hope you have returned home safely and are back into your normal routine after a busy week at Cisco Live 2010. 

"We are contacting you because on the final afternoon of Cisco Live, one of our vendors identified an unexpected attempt to access attendee information through ciscolive2010.com. The ability to access this information was quickly removed, but not before some conference listings were accessed.

"Cisco Live takes the security of attendee information very seriously and immediately elevated this matter to our chief security officer. His team completed a thorough review and as a result we believe your registration information -- specifically your Cisco Live badge number, name, title, company address and email address -- was accessed. No other information was available or accessed.

"Although these details are commonly accessed by our World of Solutions partners and often freely provided by Cisco Live attendees, we felt it was our responsibility to inform you as quickly as possible. As we cannot yet confirm the information was accessed by an authorized Cisco Live partner, we encourage you to consider the appropriate precautions to protect against any unwanted email. Please accept our apologies for any inconvenience that may result and feel free to contact us directly at support@ciscolive2010.com if you have any additional questions or information.

"We hope you enjoyed your Cisco Live experience and we look forward to welcoming you to Las Vegas in 2011.

"Regards,

"Cisco Live 2010 Team"

Read more about wide area network in Network World's Wide Area Network section.

Tags Cisco Live 2010securityciscodata breach

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Greene

Network World

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?