Cisco said it has notified a limited set of customers about files that were accessed by a hacker during an incident announced in October. 

The tech giant has repeatedly denied that it suffered a breach but said on October 18 its investigation into the incident revealed that a threat actor downloaded data on a public-facing DevHub environment — a platform the company uses to make software code, scripts and more available for customers. Cisco admitted that a “small number of files that were not authorized for public download may have been published.”

On Thursday, Cisco updated its statement and said “a limited set of CX Professional Services customers had files included and we notified them directly.” 

“In the event that we identify further customer files, we will notify the relevant customers. Customers with outstanding questions can follow up with their account teams,” the company said. 

The statements follow claims made on a cybercrime forum by a prominent hacker who on October 14 shared troves of allegedly stolen technical documents as well as production source code from a broad range of Fortune 500 companies.

The hacker took to social media site X this weekend to claim Cisco offered $200,000 to get the person to take the post down, an offer they declined. When asked for comment about this post, a Cisco spokesperson directed Recorded Future News to the statements released last Thursday and throughout the month of October. 

After the dark web post was revealed, Cisco said it was working with law enforcement to investigate the claims. The company has repeatedly said there was no breach of its systems and no leak of sensitive personal information or financial data. 

But the company removed public access to the site where the hacker took the documents from and later compiled a list of the files that they believe the threat actor downloaded while the repositories were publicly available. 

“The vast majority of the information on our DevHub site is software artifacts (e.g., software code, templates, and scripts) that we intentionally make publicly available,” the company said. 

“We have, however, identified files that were not intended for public download that were inadvertently published on the site as a result of a configuration error. These files were not discoverable or indexed by search engines, such as Google.”

The configuration error has been corrected, according to the October 31 statement, and the company continues to review the content of the accessed files. 

“We have not identified any information in the content that an actor could have used to access any of our production or enterprise environments,” the company said. 

Cisco previously dealt with a data breach in 2022, when a Yanluowang ransomware attack resulted in the theft of documents from an employee Box folder.