“Bad actor” targets Cisco representative with vishing attack, user data obtained

A Cisco representative was recently involved in a voice phishing or “vishing” attack. The attackers stole private information from Cisco.com users.
The incident occurred on July 24th, 2025. A bad actor was able to access and export a subset of basic profile information from a third-party cloud-based Customer Relationship Management (CRM) system that Cisco uses.
When Cisco found out about the incident, the threat actor’s unauthorized access was immediately revoked. The tech company has initiated an investigation.
Preliminary findings have shown that the hacker successfully exfiltrated the basic account profile information of people who had registered an account on Cisco.com.
According to Cisco, names, organization names, addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account-related metadata, such as creation dates, were taken from the compromised CRM system.
The company stresses that the attacker didn’t obtain any of its organizational customers’ confidential or proprietary information, or any passwords or other types of sensitive information. The incident didn’t impact any other Cisco products or services, and no other Cisco CRM instances were affected.
How many users have been affected by the incident remains unclear, but Cisco has already notified them of what happened. We also don’t know who’s responsible for the data breach. Data protection authorities have been alerted.
“Every cybersecurity incident is an opportunity to learn, strengthen our resilience, and help the wider security community. We are implementing further security measures to mitigate the risk of similar incidents occurring in the future, including re-educating personnel on how to identify and protect against potential vishing attacks,” Cisco wrote in a press release regarding the incident.
Cisco wouldn’t say what third-party CRM system was impacted. However, back in June, Google warned businesses and organizations about vishing attacks, in which threat actors use social engineering scams to try to steal Salesforce data and extort companies.
“Organizations, are you prepared for voice phishing? UNC6040 is a financially motivated threat cluster that specializes in using voice phishing (vishing) to compromise organizations' Salesforce instances, leading to large-scale data theft,” cybersecurity firm and Google subsidiary Mandiant said in a post on X at the time.