Cisco Hacked – Attackers Stolen Profile Details of users Registered on Cisco.com

Cisco has confirmed it was the target of a cyberattack where a malicious actor successfully stole the basic profile information of an undisclosed number of users registered on Cisco.com.

The technology giant revealed that the breach occurred after an employee was deceived by a sophisticated voice phishing, or “vishing,” attack.

The incident, which Cisco became aware of on July 24, 2025, did not compromise sensitive information such as passwords, financial details, or confidential corporate data. However, it exposes the growing threat of social engineering tactics targeting employees as a gateway into corporate systems.

According to a statement released by the company, the attacker targeted a Cisco representative through a vishing scheme. In these attacks, perpetrators use voice communication often a phone call to manipulate individuals into divulging sensitive information or granting system access.

The actor successfully persuaded the employee, leading to unauthorized access to a third-party, cloud-based Customer Relationship Management (CRM) system used by the company.

From this single CRM instance, the hacker was able to export a dataset of user information. Cisco detailed that the compromised data included basic account details provided by individuals upon registering for a Cisco.com account: names, organization names, physical addresses, Cisco-assigned user IDs, email addresses, and phone numbers.

The data also contained account-related metadata, such as the date the profile was created. Upon discovering the breach, Cisco’s security team acted swiftly to terminate the attacker’s access and launched a full investigation to determine the scope of the incident.

The company stressed that the intrusion was isolated to one specific CRM system and that no other internal systems, products, or services were affected. “The actor did not obtain any of our organizational customers’ confidential or proprietary information, or any passwords or other types of sensitive information,” the company affirmed.

In line with regulatory requirements and best practices, Cisco has engaged with relevant data protection authorities to report the incident. The company is also in the process of notifying affected users where mandated by law.

Cisco is treating the event as a critical learning opportunity to bolster its defenses. “Every cybersecurity incident is an opportunity to learn, strengthen our resilience, and help the wider security community,” the statement read.

As part of its remediation efforts, Cisco is implementing additional security protocols to prevent similar breaches. A key focus is on re-educating personnel on how to recognize and defend against the increasingly convincing and targeted nature of vishing attacks.

The company issued an apology for the incident. “We apologize for any inconvenience or concern that this incident may have caused,” Cisco stated, encouraging customers and partners with further questions to get in touch with their designated account teams for support.

Integrate ANY.RUN TI Lookup with your SIEM or SOAR To Analyses Advanced Threats -> Try 50 Free Trial Searches