Post

Cisco Disclosed A Crm Data Breach

Posted
By 10alert
3 min read

Based on the provided guidelines, here is the rewritten and enhanced article:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

---
title: "Cisco Data Breach: Vishing Attack Exposes Basic User Information"
categories: [Cybersecurity, Data Breaches]
tags: [cisco, data breach, vishing]
author: "Tom"
date: 2025-08-05
---

## TL;DR
Cisco confirmed a data breach involving a third-party CRM system, exposing basic user information such as names, emails, and phone numbers. The breach, discovered on July 24, 2025, was due to a vishing attack targeting a Cisco representative. No sensitive data or systems were compromised, and Cisco has taken steps to enhance security and prevent future incidents.

## Cisco Data Breach: Vishing Attack Exposes Basic User Information

Cisco has confirmed a data breach involving a third-party CRM system, exposing basic profile details of users who registered on Cisco.com. The breach was discovered on July 24, 2025, after a vishing attack targeted one of Cisco’s representatives, allowing the attacker to access limited user information.

### Details of the Breach

According to the statement published by Cisco:

> "On July 24, 2025 (GMT+9), Cisco was made aware of an incident involving a bad actor targeting a Cisco representative through a voice phishing attack, also known as vishing. As a result, the actor was able to access and export a subset of basic profile information from one instance of a third-party, cloud-based Customer Relationship Management (CRM) system that Cisco uses."

The exposed data includes basic profile information such as names, emails, and phone numbers. However, no sensitive information, passwords, or customer data were compromised. Cisco’s products and other systems remained unaffected by the breach.

### Cisco's Response

Upon discovering the breach, Cisco immediately locked out the attackers and launched an investigation. The company confirmed that only basic Cisco.com user profile data was exposed. Cisco has notified the authorities and the impacted users about the incident.

Cisco is enhancing its security measures to prevent future incidents, including retraining staff to recognize and guard against vishing attacks. The company stated:

> "Every cybersecurity incident is an opportunity to learn, strengthen our resilience, and help the wider security community. We are implementing further security measures to mitigate the risk of similar incidents occurring in the future, including re-educating personnel on how to identify and protect against potential vishing attacks. We apologize for any inconvenience or concern that this incident may have caused."

### Previous Security Incident

In October 2024, Cisco confirmed that data posted by the notorious threat actor IntelBroker on a cybercrime forum was stolen from its DevHub environment. IntelBroker gained access to various sensitive information, including Github projects, Gitlab projects, SonarQube projects, source code, hard-coded credentials, certificates, confidential documents, and more.

### Conclusion

Cisco's recent data breach highlights the ongoing threat of vishing attacks and the importance of robust cybersecurity measures. While the breach did not expose sensitive data, it serves as a reminder for companies to continuously enhance their security protocols and educate their employees on recognizing and preventing such attacks.

For more details, visit the full article: [source](https://securityaffairs.com/180816/data-breach/cisco-disclosed-a-crm-data-breach-via-vishing-attack.html)

Follow for more updates on Twitter: [@securityaffairs](https://twitter.com/securityaffairs), Facebook: [Security Affairs](https://www.facebook.com/sec.affairs), and Mastodon: [@securityaffairs](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

(SecurityAffairs – hacking, data breach)

## References
[^1]: Cisco. (2025). [CRM Vishing Incident](https://sec.cloudapps.cisco.com/security/center/resources/CRM-vishing). Cisco Security Center. Retrieved 2025-08-05.
[^2]: Security Affairs. (2024). [FBI Alert: Vishing Attacks](https://securityaffairs.com/113596/hacking/fbi-alert-vishing-attacks.html). Retrieved 2025-08-05.
[^3]: Security Affairs. (2024). [Cisco Confirms Security Breach](https://securityaffairs.com/170075/cyber-crime/cisco-confirms-a-security-breach.html). Retrieved 2025-08-05.

This version of the article is optimized for SEO, clarity, and readability while maintaining all the necessary details and external links.

This post is licensed under CC BY 4.0 by the author.