Cisco has confirmed a data breach resulting from a voice phishing attack that compromised personal information of users registered on . The incident, discovered on July 24, involved a cybercriminal impersonating a trusted entity over the phone to deceive a Cisco employee. This manipulation granted the attacker access to a third-party cloud-based Customer Relationship Management (CRM) system used by Cisco, from which they exported user data.
The stolen information includes names, organization names, physical addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account metadata such as creation dates. Cisco emphasized that no passwords, proprietary data, or sensitive organizational information were compromised. The breach did not affect Cisco’s core products or services, and access to the compromised CRM instance was terminated immediately upon discovery.
Security researchers have linked this attack to a broader campaign targeting companies that rely on CRM platforms like Salesforce. The notorious ShinyHunters group is suspected to be behind similar incidents involving high-profile brands such as Allianz, Qantas, and LVMH. These attacks exploit the human element of cybersecurity—bypassing technical defenses through social engineering tactics like vishing, where attackers use phone calls to manipulate employees.
Cisco has notified affected users where legally required and is working with data protection authorities. The company is also implementing additional security measures, including employee re-education on identifying and responding to phishing threats. While the exact number of affected users remains undisclosed, the incident underscores the growing sophistication of social engineering attacks and the need for robust human-centric security protocols.
