Excerpt from BleepingComputer Article, Published on August 5, 2025
Cisco recently confirmed a data breach affecting Cisco.com user accounts following a sophisticated voice phishing attack, also known as vishing. On July 24, 2025, attackers targeted a Cisco employee using social engineering tactics, gaining unauthorized access to a third-party cloud-based Customer Relationship Management (CRM) system Cisco employs. This breach resulted in the theft of basic profile information of registered users, including names, organization names, physical addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account metadata such as creation dates.
Importantly, Cisco emphasized that no sensitive information was compromised. The attackers did not access organizational customers’ confidential data, passwords, authentication tokens, or proprietary information. Cisco’s products and other CRM instances remained unaffected by the incident. Upon detection, Cisco quickly terminated the attacker’s access and launched a thorough investigation. The company has engaged with data protection authorities and notified affected users when legally required.
Cisco considers this event a critical learning point to enhance its security posture. The firm is reinforcing its defenses by providing additional training to personnel to better recognize and thwart vishing attempts. Furthermore, Cisco is implementing stronger security controls to prevent similar incidents from occurring in the future.
This breach highlights the growing threat of social engineering cyberattacks targeting major companies and their vendor ecosystems. Cisco’s prompt response and transparency offer reassurance to its users and the broader cybersecurity community.
To delve deeper into this topic, visit BleepingComputer article.
