Cisco User Data Stolen from Cisco[.]com

Cisco has confirmed that unknown attackers stole user data from Cisco[.]com in a vishing (voice phishing) attack that targeted one of its employees.

The breach was first detected on July 24, 2025. According to Cisco’s internal investigation, the attacker gained unauthorized access to a third-party cloud-based customer relationship management (CRM) system used for customer operations. As a result, the intruders accessed and exfiltrated personal data belonging to Cisco.com users. The stolen information included:

• Full names
• Organization names
• Physical addresses
• Cisco-issued user IDs
• Email addresses
• Phone numbers
• Account metadata (such as account creation dates)

Cisco stressed that the attacker did not access internal corporate data, confidential client information, passwords, or any highly sensitive records. The breach did not impact Cisco products, services, or other CRM environments used by the company.

“Upon discovering the attack, we immediately revoked the attacker’s access to the CRM system and launched a full investigation,” Cisco stated. “We notified affected users as required by law and informed data protection authorities. We’re also reinforcing our internal security practices—particularly around vishing awareness and employee training.”

As of now, Cisco has not disclosed how many users were affected or whether the attackers issued any ransom demands to suppress or monetize the stolen data.

While Cisco did not identify the CRM platform involved, BleepingComputer reports suggest that the breach may be linked to infrastructure hosted by Salesforce. The attack method—social engineering coupled with vishing—is consistent with tactics used by known extortion groups.

One of those groups is ShinyHunters, a threat actor previously flagged by Google for targeting major enterprises. In recent months, ShinyHunters has been linked to similar breaches affecting:

• Adidas
• Qantas (Australia’s national airline)
• Allianz Life (insurance)
• LVMH brands including Louis Vuitton, Dior, and Tiffany & Co.
• Chanel

Cisco's disclosure adds to a growing trend of attackers using highly targeted social engineering—not just technical exploits—to breach enterprise defenses. In this case, one phone call was all it took.