Cisco has confirmed a data breach involving the theft of user information from its cloud-based CRM system, following a targeted voice phishing — or "vishing" — attack. The company disclosed that an attacker tricked a Cisco representative into granting access to a third-party platform, resulting in the compromise of user data registered on Cisco.com.
The breach was identified on July 24, 2025. “A bad actor targeted a Cisco representative through a voice phishing attack,” the company said in a statement. “This allowed access to one instance of a third-party CRM platform used by Cisco, from which a subset of basic profile information was exported.” Cisco claims access was promptly revoked and an investigation was launched.
The compromised data includes names, organisation names, addresses, Cisco-assigned user IDs, email addresses, phone numbers, and metadata related to account activity, such as creation dates. The exact number of affected users has not been disclosed.
According to Bleeping Computer, this breach may be linked to a wider campaign targeting Salesforce customers. Other reported victims include Allianz Life, Tiffany & Co., and Qantas. Cisco is a known Salesforce client.
What is voice phishing or ‘vishing’?
Voice phishing is a type of social engineering attack where fraudsters impersonate trusted contacts over phone calls to extract sensitive data. These attacks often mimic banks, tech support agents, or internal company figures, tricking victims into revealing credentials or access details.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
