Duo Security Incident 4.16.24

What Happened

On April 16, 2024, Cisco Duo informed affected customers of a breach involving their SMS and VOIP multi-factor authentication (MFA) service provider. The breach occurred on April 1st due to a phishing attack, allowing unauthorized access to the provider’s systems, including SMS and VoIP MFA message logs for specific Duo accounts between March 1st and March 31st, 2024. Though the threat actor accessed message logs, they did not obtain message content. The exposed data included phone numbers, carriers, location data, and timestamps, potentially enabling targeted phishing campaigns.  
CIT does not utilize Duo to access any of our internal systems. CIT confirmed with Duo support that none of our customers were impacted by this event.

Additional Information

Cisco Duo Advisory (Sent only to affected customers)

If you have any additional questions, please reach out to CIT at  security@cit-net.com.

About CIT

CIT Careers

Rooted in Minnesota with innovators nationwide, we’re tech problem-solvers & solution providers. From cybersecurity to support engineers, we’re powered by passion & precision, aiming to transform adversity into advancement. Together, let’s redefine the digital horizon.

Get in contact: email us at info@cit-net.com or call 651.255.5780

Copyright: © 2024. All Rights Reserved.

CIT is designated autism-friendly by autism speaks