
Cisco has disclosed that attackers accessed basic profile details of users registered on Cisco.com after successfully targeting a company representative in a voice-phishing (vishing) scheme.
The breach, detected on July 24, 2025, stemmed from a social engineering attack that tricked the employee into granting access to a third-party, cloud-based CRM platform used by Cisco to manage customer data.
Cisco confirmed that the exposed data included names, organization names, email addresses, phone numbers, physical addresses, Cisco‑assigned user IDs, and account metadata like creation dates. Importantly, no passwords, proprietary customer data, or confidential information were compromised, and the incident did not affect Cisco’s products or services.
Upon learning of the intrusion, Cisco immediately revoked the attacker’s access and launched a full investigation. The company notified impacted users and relevant data protection authorities, and confirmed that no other CRM systems or internal platforms were affected.
Although Cisco has not confirmed the identity of the attackers or the CRM vendor involved, the breach bears hallmarks of a broader Salesforce data theft campaign attributed to the ShinyHunters extortion group. This wave of attacks relies heavily on vishing and social engineering to infiltrate cloud-based platforms. In recent weeks, similar incidents have affected major companies including Adidas, Qantas, Allianz Life, Louis Vuitton, Dior, and Tiffany & Co., with Chanel also reportedly impacted, though the company has not confirmed any direct link to the Salesforce-related breaches.
Cisco emphasized that its platform was not breached and that no vulnerabilities were found in its systems. The breach stemmed from compromised user credentials and social engineering, not a technological failure. The company is now implementing additional security measures, including re‑training staff to recognize vishing attacks and strengthening access controls, to prevent recurrence.
CyberInsider reached out to Cisco for comment but had not received a response by the time of publication. We will add an update if we hear back from the company.
The incident underlines how attackers can bypass strong technical controls through targeted social-engineering tactics. Even when sensitive data like passwords is not exposed, the compromise of user profiles at scale poses privacy and identity risks. Organizations are reminded to train employees against voice phishing, enforce strict access governance, and monitor third-party CRM usage closely.