Representatives from Cisco reported that unknown attackers stole user information from Cisco[.]com as a result of a vishing attack (phone-based phishing) targeted at one of the employees.
The incident was detected on July 24, 2025. The investigation revealed that the attacker fraudulently gained access to a third-party provider’s cloud CRM system used by Cisco for customer relations. As a result, personal data from Cisco.com users were stolen, including: names, organization names, addresses, user IDs issued by Cisco, email addresses, phone numbers, and account metadata, including their creation dates.
The company emphasizes that the attacker did not gain access to confidential or internal information of corporate clients, nor to passwords or other sensitive data. The incident did not affect Cisco’s products and services, as well as other instances of the CRM system.
“When we discovered the attack, the intruder’s access to the compromised CRM system was immediately blocked, and Cisco initiated an investigation. We contacted data protection authorities and notified affected users, if required by law,” the company stated. “We are strengthening security measures to reduce the risk of such incidents in the future, including retraining employees on how to recognize and prevent phishing attacks.”
It has not been reported how many users were affected by this breach or if the attackers demanded a ransom for nondisclosure of the data.
Although Cisco did not disclose which CRM system was affected, the publication Bleeping Computer suggests that this incident may be related to Salesforce infrastructure, the use of social engineering, and vishing.
In recent months, similar attacks have been linked to the extortion group ShinyHunters, and Google’s specialists had previously warned about the group’s activity. Nearly identical breaches have already affected: Adidas, Qantas Airways, insurance company Allianz Life, several LVMH brands (Louis Vuitton, Dior, and Tiffany & Co), as well as the fashion house Chanel.