Cisco has confirmed a new data breach after a vishing (voice phishing) attack tricked a company representative into exposing access to a third-party CRM system. Detected on July 24, 2025, the breach compromised basic user details such as names, emails, and phone numbers of Cisco.com registrants. While the data was non-sensitive, the incident underscores a rising and dangerous trend: cybercriminals bypassing traditional defenses by exploiting the human factor.
In this episode, we unpack how vishing—often using AI-driven deepfake voices—has surged by over 1,600% in 2025, targeting employees in IT, HR, and customer service roles. Unlike email phishing, vishing sidesteps filters and relies on psychological tactics like urgency, fear, and authority to manipulate victims. Cisco’s quick response included securing its systems and launching enhanced staff retraining programs to prevent future attacks.
But this isn’t the first breach Cisco has faced. In October 2024, the notorious hacker IntelBroker infiltrated Cisco’s DevHub environment, exfiltrating source code and sensitive archives. Taken together, these incidents highlight the dual threats of sophisticated cybercriminals and highly effective social engineering campaigns.
We’ll explore why CRM data is considered the “crown jewels” of enterprises, the dangers of third-party vendor risks, and why layered security is no longer optional. From vendor due diligence and multi-factor authentication to real-time monitoring and incident response playbooks, this breach is a case study in how attackers exploit gaps in security culture—not just technology.
With AI making vishing more convincing than ever, the big question remains: can companies like Cisco keep pace with the evolving threat landscape?
#Cisco #DataBreach #Vishing #VoicePhishing #IntelBroker #Cybersecurity #CRMData #ThirdPartyRisk #AIPhishing #SocialEngineering #DataSecurity #IncidentResponse #MultiFactorAuthentication #DevSecOps #DeepfakeThreats #Cybercrime #SupplyChainSecurity
