Cisco discloses data breach following voice phishing attack targeting CRM system

Cisco has confirmed that cybercriminals stole personal data belonging to users registered on Cisco.com after successfully executing a voice phishing, or “vishing,” attack against a company representative. The incident, discovered on July 24, compromised a third-party cloud-based Customer Relationship Management (CRM) system used by the networking giant.

According to Cisco, the attacker gained access to the CRM system after deceiving an employee, allowing the unauthorized party to exfiltrate user information such as names, organization names, physical addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account metadata like creation dates. The breach affected only individual Cisco.com account holders, not enterprise customer data.

The company emphasized that the incident did not involve any sensitive information, such as passwords or confidential corporate data. Cisco also clarified that its core products and services remain unaffected, and no other CRM system instances were compromised.

"Upon learning of the incident, the actor’s access to that CRM system instance was immediately terminated and Cisco commenced an investigation," the company stated. "Cisco has engaged with data protection authorities and notified affected users where required by law."

In response to the breach, Cisco said it is rolling out additional security measures and re-training staff to recognize and prevent vishing attempts, which are becoming increasingly common in targeted attacks against enterprise environments.

While Cisco has not confirmed the identity of the attacker or revealed how many individuals were affected, the breach bears similarities to a string of recent incidents tied to the ShinyHunters extortion group. This threat actor has been linked to a growing wave of Salesforce-related data thefts, where attackers use social engineering techniques to gain access to corporate CRM platforms.

Several major companies, including Adidas, Qantas, Allianz Life, Chanel, and LVMH brands such as Louis Vuitton, Dior, and Tiffany & Co., have recently disclosed similar breaches involving Salesforce instances. Although Cisco has not verified whether Salesforce was the CRM platform targeted in this incident, the tactics and timing align closely with the broader campaign.

This is the second publicly known data security incident involving Cisco in the past year. In October, the company took its DevHub portal offline after a hacker known as IntelBroker leaked non-public information on the BreachForums site. Cisco later confirmed that data was obtained from a misconfigured public-facing portal and included files related to CX Professional Services customers.