Cisco has disclosed a data breach involving a third-party cloud-based CRM system, after an attacker gained limited access through a voice phishing (vishing) attack on one of its representatives. The incident, which was discovered on July 24, exposed basic user information such as names, email addresses, and phone numbers of individuals who had registered on Cisco.com.
In an official statement, Cisco explained that the attacker used social engineering tactics to target a company representative, ultimately accessing and exporting a subset of basic profile data from one CRM instance used by the company.
Upon discovering the breach, Cisco promptly cut off the attacker’s access and launched an investigation. The company confirmed that no passwords, sensitive data, customer information, or core systems were compromised. All Cisco products and infrastructure remained secure. Relevant authorities and affected users were notified.
Cisco also stated it is reinforcing its security protocols and retraining its workforce to recognize and respond to vishing threats more effectively.
“Every cybersecurity incident presents a chance to improve our defenses and contribute to broader security awareness,” Cisco said. “We’re implementing additional measures and re-educating our personnel to help prevent similar incidents in the future. We apologize for any concern this may have caused.”
This breach follows a previous incident in October 2024, where the hacker known as IntelBroker leaked stolen Cisco data on a cybercrime forum. The stolen material reportedly came from Cisco’s DevHub environment and included sensitive internal assets like source code, credentials, certificates, and cloud storage access across platforms such as GitHub, GitLab, SonarQube, and Azure.
Despite these past and recent breaches, Cisco continues to stress its commitment to strengthening its cybersecurity posture and protecting its users.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
