Cisco has confirmed a data breach affecting Cisco.com user accounts after cybercriminals carried out a voice phishing (vishing) attack on one of its employees.
The company detected the incident on July 24 and determined that attackers tricked a staff member into granting access to a third-party cloud-based Customer Relationship Management (CRM) system used by Cisco. This access enabled the theft of user information tied to Cisco.com accounts.
The stolen data includes names, organization names, physical addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account metadata such as creation dates. Cisco emphasized that the attackers did not obtain confidential business information, passwords, or other sensitive credentials. The breach did not affect Cisco’s products, services, or other CRM systems.
Cisco said in a statement:
“Upon learning of the incident, the actor’s access to that CRM system instance was immediately terminated and Cisco commenced an investigation. Cisco has engaged with data protection authorities and notified affected users where required by law.”
The company also confirmed that new security measures are being rolled out to prevent similar incidents, including renewed employee training on detecting and avoiding vishing attacks.
Cisco has not disclosed the number of affected accounts or whether a ransom demand was made.
Possible Link to Ongoing Salesforce Data Theft Campaign
While Cisco did not confirm the CRM vendor involved, security sources indicate the breach may be part of the broader Salesforce-related attacks seen in recent months. These campaigns, linked to the ShinyHunters extortion group, use social engineering and phishing tactics to steal Salesforce credentials and download corporate data.
Victims are then extorted under the threat of public data leaks. ShinyHunters has confirmed that companies that refuse to pay face mass data leaks, similar to what occurred in previous Snowflake-related incidents.
Salesforce addressed the situation in a statement to BleepingComputer:
“Salesforce has not been compromised, and the issues described are not due to any known vulnerability in our platform. While Salesforce builds enterprise-grade security into everything we do, customers also play a critical role in keeping their data safe — especially amid a rise in sophisticated phishing and social engineering attacks.”
The company urged customers to enable multi-factor authentication, enforce least privilege principles, and carefully manage connected apps.
In addition to Cisco, other major brands have been impacted by similar breaches, including Adidas, Qantas, Allianz Life, and LVMH-owned labels Louis Vuitton, Dior, and Tiffany & Co. Fashion house Chanel was also affected.
This is not Cisco’s first security incident. In October, the company took its DevHub portal offline after a threat actor leaked internal files on a hacking forum. That breach was later traced to a misconfigured public-facing portal.