Cisco has disclosed a data breach affecting Cisco.com user accounts, revealing that unauthorized actors gained access to basic profile information following a sophisticated voice phishing (vishing) attack. The breach was discovered on July 24, 2025, after cybercriminals deceived a Cisco representative and obtained credentials that allowed them to access a third-party cloud-based Customer Relationship Management (CRM) system used by the company.
The compromised data includes user names, organization names, physical addresses, Cisco-assigned user IDs, email addresses, phone numbers, and various account metadata such as account creation dates. Cisco emphasized that the breach did not compromise passwords, confidential corporate information, or any other sensitive data beyond basic profile details.
Cisco confirmed that only one instance of its third-party CRM system was affected and that no products or core services were impacted. Upon identifying the breach, Cisco immediately revoked the attacker’s access to the CRM environment, initiated a formal investigation, and began notifying affected users as required by law or company policy.
In response to the incident, Cisco says they have implemented additional security measures focused on preventing future vishing attacks, including enhanced employee education and awareness campaigns. The company has not disclosed the total number of accounts affected but maintains that there is no evidence of the exposure or misuse of sensitive information.