Cisco Duo customers may have had VoIP and SMS MFA logs exposed to an attacker in early April. Third party breach is the result of one of the provider's employees being phished. The attackers then seemed to target the MFA logs of specific clients of interest.