Cisco has confirmed a security breach involving a third-party cloud-based Customer Relationship Management (CRM) system. This breach exposed limited profile details of users registered on Cisco.com, such as names, email addresses, and phone numbers.
The incident came to light on July 24, 2025, when a vishing (voice phishing) attack targeted one of Cisco’s representatives. This social engineering attempt allowed the attacker to gain access to a portion of basic user information stored in the CRM system.
How the Breach Happened
According to Cisco’s official statement, the attacker exploited the vishing attack to access and export a small subset of user data. The affected system was one instance of the third-party CRM tool used by Cisco, and it did not store sensitive data like passwords or financial information.
Immediately after detecting the attack, Cisco locked the intruder’s access, began a detailed investigation, and confirmed that other corporate systems and Cisco products remained secure.
Cisco’s Response and Security MeasuresCisco notified law enforcement authorities and directly informed all affected users. The company also announced enhanced security training for its employees, specifically focusing on identifying and preventing vishing attacks in the future.
In its statement, Cisco emphasized that every cyber incident is an opportunity to strengthen defenses and improve resilience. The company apologized for any inconvenience caused to customers and assured them that preventive measures are being taken to avoid similar incidents.
Previous IntelBroker Attack on Cisco
This is not the first time Cisco has faced a data-related incident. In October 2024, threat actor IntelBroker claimed responsibility for breaching Cisco’s DevHub environment.
That earlier breach allegedly gave IntelBroker access to a wide range of sensitive materials, including:
- GitHub and GitLab projects
- Source code and hard-coded credentials
- SSL certificates and private keys
- Confidential documents, Jira tickets, and API tokens
- AWS private buckets, Azure storage, and Docker builds
- Cisco Premium Products and other proprietary resources
This recent CRM-related breach serves as another reminder of the growing importance of protecting not just core company systems, but also the security of third-party services connected to them.
