Cisco has confirmed a data breach affecting users of its public website, Cisco.com, after a cybercriminal exploited a company representative through a voice phishing attack. The breach, discovered on July 24, targeted a third-party cloud-based CRM system used by the company to manage user profiles and engagement.

What happened?

According to Cisco’s official disclosure, the attacker tricked an employee via a social engineering technique known as “vishing” — a phone-based phishing scheme. This deception granted the actor temporary access to one instance of a cloud-based customer relationship management (CRM) platform. The breach allowed the actor to extract a subset of user profile information from Cisco.com’s registration database.

What data was accessed?

The stolen data includes:

• Full name
• Organization name
• Physical address
• Cisco-assigned user ID
• Email address
• Phone number
• Account metadata (e.g., creation date)

Cisco emphasized that no passwords, sensitive data, or confidential enterprise information were compromised. The company also stated that the breach had no impact on its products or services.

Was Salesforce involved?

While Cisco did not name the specific CRM vendor affected, industry observers suspect the attack may be linked to a broader campaign targeting Salesforce customers. Cisco is a known Salesforce client, and other recent breaches — including incidents at Qantas, Tiffany & Co., and Allianz Life — have followed a similar pattern involving vishing and third-party system exploitation. Cisco has not confirmed whether its Salesforce instance was the system involved.

How did Cisco respond?

Immediately after identifying the breach, Cisco revoked the attacker’s access to the CRM system and launched a full investigation. The company has notified users as required by data protection laws and is cooperating with regulatory authorities. To prevent future incidents, Cisco is implementing additional security measures, including employee training on social engineering threats and enhanced access controls across its systems.

User impact and next steps

While the full number of affected users has not been disclosed, this incident underscores the risks of phishing-based attacks even in large enterprise environments. Users with Cisco.com accounts are advised to remain alert for suspicious communications and verify the authenticity of any Cisco-related outreach. Although passwords were not stolen, good practice suggests reviewing account security settings and enabling multi-factor authentication where available.

Historical context

This Cisco data breach follows a separate October 2024 incident in which threat actors exploited a misconfigured DevHub portal to access non-public customer files. That breach was later confirmed to involve downloads of documents tied to Cisco’s CX Professional Services division. Taken together, these events highlight the persistent challenge of securing third-party systems and publicly accessible developer tools.

Why this matters

For users and IT teams alike, the Cisco data breach is a reminder of how human vulnerabilities — not just technical flaws — can open the door to cyberattacks. With the rise of sophisticated vishing tactics, even well-trained employees can be deceived. Organizations that rely on third-party platforms for customer engagement must enforce robust access governance and incident response plans tailored for social engineering risks.