Cisco.com User Data Breached via Vishing Attack

Cisco has confirmed a data breach that exposed personal information of users registered on Cisco.com, following a voice phishing (vishing) attack that compromised a company employee.

The breach, detected on July 24th, occurred after the attacker deceived an employee into granting access to a third-party cloud-based Customer Relationship Management (CRM) system used by Cisco. Through this access, the attacker stole user profile data, including names, organization names, addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account metadata such as account creation dates.

Cisco clarified that no passwords, sensitive information, or confidential data belonging to organizational customers were accessed. The incident also did not impact Cisco products, services, or other CRM instances.

“Upon discovery, we immediately terminated the attacker’s access and launched an investigation,” Cisco said in a statement. The company has notified data protection authorities and affected users where legally required.

To prevent similar incidents, Cisco is strengthening its security posture and re-educating employees on recognizing and avoiding vishing attacks.

Cisco has not yet revealed the number of affected users or whether a ransom demand was made.