Cisco has confirmed that a cybercriminal successfully carried out a voice phishing (vishing) attack that led to the unauthorized exposure of customer data from Cisco.com.
The company disclosed that the breach was discovered on July 24, following a social engineering incident where an attacker impersonated a legitimate party during a phone call. The target of the attack was a Cisco employee, who was deceived into granting access to a third-party cloud-based CRM system used by Cisco.
As a result, the attacker extracted a portion of basic customer profile data, according to Cisco’s statement. The compromised data includes:
- Customer name
- Organization name
- Physical address
- Cisco-assigned user ID
- Email address
- Phone number
- Account metadata, such as account creation date
Although Cisco acknowledged the incident, it did not disclose the number of users affected. When contacted for further details, a Cisco spokesperson declined to provide specific figures.
Potential Salesforce Connection
This breach appears to be part of a larger trend targeting Salesforce data. As reported by BleepingComputer, other major companies—such as Allianz Life, Tiffany & Co., and Qantas Airlines—have recently experienced similar breaches involving Salesforce infrastructure. Notably, Cisco is listed as a Salesforce client, though no technical specifics have been confirmed.
The incident highlights the growing risk of vishing attacks, which exploit human trust rather than software vulnerabilities. Even with enterprise-grade security systems in place, attackers can find a way in through social engineering techniques aimed at employees.
Why It Matters
This breach serves as a reminder that employee awareness and voice verification protocols are just as important as technological defenses. Vishing is often overlooked, but it remains an effective and dangerous method for infiltrating corporate systems—especially cloud platforms handling sensitive customer data.
Proactive security training, strict access controls, and continuous monitoring of cloud integrations like CRM platforms are essential steps to reduce the risk of similar breaches.
🛡️ At a time when digital trust is under constant threat, reinforcing both technical infrastructure and human defenses is critical to securing customer data.