Cisco Systems says a vishing attack targeting one of its employees has led to a data breach exposing the personal information of Cisco.com user accounts via an unnamed third-party CRM system.
In an event response notice posted on its website Friday, Cisco said it was first made aware of the cybersecurity incident on July 24th.
The networking behemoth said the attack led to the unauthorized access and extraction of data determined to be "a subset of basic profile information from one instance of a third-party, cloud-based Customer Relationship Management (CRM) system that Cisco uses.”
Targeting the Cisco representative through a voice phishing attack (vishing), the company said the bad actor was able to gain access to the basic account profile information of individuals who registered for a user account on Cisco.com.
That account information is said to have included the user’s:
- Name, address, phone number
- Email address,
- Organization name,
- Cisco assigned user ID,
- Account-related metadata, i.e.. creation date
Highly confidential customer information spared
Cisco further reiterated that the hackers were unable to access any of the company’s organizational customers’ confidential or proprietary information, as well as any passwords or other types of sensitive information.
Based on the investigation, no other Cisco products or services, or Cisco CRM instances, were affected.
Although Cisco did not identify which CRM system had been involved in the "isolated instance," the hacker’s access was “immediately terminated” upon discovery, and data protection authorities were notified. Popular CRM software systems include Salesforce, Zoho, HubSpot, and Microsoft Dynamics 365.
Apologizing for any inconvenience or concern due to the breach, the company noted that "every cybersecurity incident is an opportunity to learn, strengthen our resilience, and help the wider security community.”
“We are implementing further security measures to mitigate the risk of similar incidents occurring in the future, including re-educating personnel on how to identify and protect against potential vishing attacks,” it said.
Salesforce CMR attacks rampant in recent months
Multiple incidents in recent months have involved hackers successfully gaining access to the CMR systems of major companies by targeting Salesforce customers using social engineering attacks. However, a Salesforce connection to the recent Cosco attack is unknown.
In a March 2025 blog, Salesforce warned customers of vishing attacks resulting in the data exfiltration of roughly 20 companies using a modified version of Salesforce’s Data Loader – a tool used to bulk import data into Salesforce environments.
Google’s threat intelligence arm, Mandiant, in June, identified the hacking group Shiny Hunters (UNC6240) behind the recent Salesforce campaign, which Bleeping Computer reported has already impacted Australia’s Qantas airline, Allianz Life insurance company, Adidas, and Louis Vuitton luxury goods maker LVMH.
A Salesforce spokesperson had told Reuters at the time there was no indication of any inherent vulnerabilities in the Salesforce platform and that the voice calls used to trick employees were “targeted social engineering scams designed to exploit gaps in individual users’ cybersecurity awareness and best practices.”
In May, hackers gained access and leaked 64GB of data from one of Coca-Cola’s largest distributors, Coca-Cola Europacific Partners, based in the UK. It is suspected that the attackers did not actually breach Coca-Cola’s IT systems, but accessed the data through the company’s Salesforce account instead.
Cisco customers and partners who believe they may have been impacted are encouraged to contact their account teams with additional questions, the security blog said.
The technology solutions company noted that any affected users have already been notified as required by law.
Your email address will not be published. Required fields are markedmarked