Cisco disclosed a CRM data breach via vishing attack

Cisco disclosed CRM data breach via vishing attack; basic user info was exposed, but no sensitive data or systems were compromised

Cisco has confirmed a data breach involving a third-party CRM system, exposing basic profile details (e.g. names, emails, and phone numbers) of users who registered on Cisco.com. The breach was discovered on July 24 after a vishing attack targeted one of Cisco’s representatives, allowing the attacker to access limited user information.

“On July 24, 2025 (GMT+9), Cisco was made aware of an incident involving a bad actor targeting a Cisco representative through a voice phishing attack, also known as vishing.” reads the statement published by Cisco. “As a result, the actor was able to access and export a subset of basic profile information from one instance of a third-party, cloud-based Customer Relationship Management (CRM) system that Cisco uses.”

After discovering the breach, Cisco immediately locked out the attackers and launched an investigation, confirming that only basic Cisco.com user profile data was exposed. No sensitive info, passwords, or customer data were compromised, and Cisco’s products and other systems were unaffected. The tech giant notified authorities and impacted users.

The company announced it is enhancing security to prevent future incidents, including retraining staff to recognize and guard against vishing attacks.

“Every cybersecurity incident is an opportunity to learn, strengthen our resilience, and help the wider security community. We are implementing further security measures to mitigate the risk of similar incidents occurring in the future, including re-educating personnel on how to identify and protect against potential vishing attacks.” concludes the statement. “We apologize for any inconvenience or concern that this incident may have caused.” 

In October 2024, Cisco confirmed that the data posted by the notorious threat actor IntelBroker on a cybercrime forum was stolen from its DevHub environment.

IntelBroker gained access to Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Certificates, Customer SRCs, Confidential Documents, Jira tickets, API tokens, AWS Private buckets, company Technology SRCs, Docker Builds, Azure Storage buckets, Private & Public keys, SSL Certificates, Cisco Premium Products, and other info.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)