Somebody clicked on a stupid attachment, and miscreants walked all over Cisco's IT.
I would say kudos to Cisco's security team for at least detecting them, but unfortunately they still got off with data.
Ideally, they should have been blocked before that.
Now the question is : why on God's Green Earth didn't they deploy an encryption tool ?
Did they save that for next time ?