Cisco database hacked; warns Live! visitors (and Cpt. Dave)

By Richi Jennings. July 9, 2010.

Cisco is warning of a data breach in one of its databases. Attendees of its Cisco Live! 2010 conference received email telling them that their details may have been stolen. In IT Blogwatch, bloggers unpick the story.

Your humble blogwatcher selected these bloggy morsels for your enjoyment. Not to mention Independence Day over Pensacola...
(CSCO)
 
 
Tim Greene is not envious:

Sometime last Thursday afternoon a vendor told Cisco that someone had made "an unexpected attempt to access attendee information" ... [via] the event Web site. ... That lead to the general notification. ... Details about less than 20% of those on the list were compromised. ... [The] information consisted of Cisco Live badge numbers, names, titles, company addresses and e-mail addresses.
...
Cisco says it has taken measures to lock down the data and has no more to say. ... If certain categories of data are compromised, businesses ... must by law notify the people whose data was exposed. Cisco says this was not the case here.

Larry Chaffin broke the story:

I am just amazed that a company this size has something like this happen. ... Cisco is telling me that they “believe” they know what information was accessed ... they also believe they know that “no other information was accessed.” How can Cisco tell me that? ... Are they giving out access to a database of all the information?
...
Cisco used to be about routing, switching and security. Now it is about ... a copy of the iPad, video everywhere and CTOs who ... Twitter all day long. ... Cisco has become a marketing machine that twists and turns words. ... Cisco has lost their way ... maybe this embarrassing security problem will make them re-focus again.

Cisco's Kristin Carvell is very, very sorry:

Our first priority is the security of our attendees, and we take their privacy very seriously. The ability to access this information was immediately removed ... The matter was elevated to Cisco’s chief security officer for immediate review.
...
[We] offer our apologies for any inconvenience.

Brian S. Julin is clearly not a Cisco fanboi:

Cisco's customers will not find bureaucratic bungling from them to be anything out of the ordinary ... they are very used to it.

But Locutus wonders if blaming Cisco is entirely fair:

These conferences always look like they are run by someone other than the company or companies owning the show. ... Wingateweb.com ran the registration or it looks like they did.
...
So before people blame Cisco ... you might want to ask who really was to blame. ... Very often the on site software for registering and checking in is not only run on Windows laptops but they are very poorly done. ... I would not doubt that many many other conference databases have been hacked but this Cisco conference hack was found out because they are very security minded.

Meanwhile, Lord Ender asks, "So what?":

I can't think of anything less important than seeing phonebook-style data made public. Losing credit card numbers or bank account numbers for large groups is bad; losing email addresses is not.

And eln is suitably sarcastic:

I can't even imagine what would happen if anyone found out I had attended a Cisco conference. I would be a social pariah. My children wouldn't be able to look me in the eye. My wife would leave me. The dog would run away. Even my cats would look at me even more disdainfully than they usually do.

And Finally...
Captain Dave opens the Airbus-flying kimono
 
 
Don't miss out on IT Blogwatch:

• Subscribe to the Computerworld Blogs and IT Blogwatch newsletters
• Catch up with posts from the previous few days

Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: itbw@richij.com.

You can also read Richi's full profile and disclosure of his industry affiliations.