Cisco has confirmed a targeted voice phishing (vishing) attack that compromised user profile data stored in a third-party cloud-based Customer Relationship Management (CRM) system. The breach, discovered on July 24, 2025, involved an attacker impersonating a trusted entity over the phone to manipulate a Cisco representative into granting unauthorized access.
Cisco Vishing Attack: What Happened
On July 24, 2025 (GMT+9), Cisco was alerted to a voice phishing (vishing) attack targeting one of its representatives. The attacker impersonated a trusted entity over the phone and successfully manipulated the employee into granting access to a third-party, cloud-based Customer Relationship Management (CRM) system.What Data Was Compromised
The attacker exported a subset of basic profile information from users who had registered on Cisco.com:| Compromised Data |
|---|
| Full names |
| Organization names |
| Physical addresses |
| Cisco-assigned user IDs |
| Email addresses |
| Phone numbers |
| Account-related metadata (e.g., account creation date) |
No passwords, confidential customer data, or proprietary information were accessed.
Cisco’s Response
Cisco took immediate action:- Terminated the attacker’s access to the CRM system
- Launched a full investigation
- Notified affected users and data protection authorities
- Confirmed no impact to other CRM instances or Cisco products/services
They also committed to:
- Re-educating personnel on identifying and preventing vishing attacks
- Implementing enhanced security measures to prevent recurrence
IndianWeb2.com is an independent digital media platform for business, entrepreneurship, science, technology, startups, gadgets and climate change news & reviews.
No comments
Post a Comment