Cisco Discloses Data Breach Involving Third-Party CRM System

Cisco has revealed a data breach that exposed customer profile information through a third-party customer relationship management (CRM) system. The incident underscores the growing threat of social engineering attacks targeting individuals within large organizations.

How the Breach Happened

The breach was discovered on July 24, 2025, after a Cisco representative was targeted in a vishing attack—a form of phishing conducted via voice call. According to Cisco, the attacker successfully exploited the incident to gain unauthorized access to a third-party CRM instance used by the company.

Once the breach was identified, Cisco acted quickly to terminate the attacker’s access and launched an internal investigation to assess the extent of the damage.

What Data Was Compromised?

The stolen data included non-sensitive, yet personal, information from individuals who had registered for accounts on Cisco’s official website. The compromised details include:

• Full name

• Email address

• Phone number

• Organization name

• Physical address

• Cisco-assigned user ID

• Account metadata (e.g., creation date)

Importantly, Cisco confirmed that no passwords, financial information, or confidential customer data were accessed. The breach did not affect any other CRM systems or Cisco’s core products and services.

Cisco’s Response and Mitigation Efforts

Cisco has notified all affected individuals and reported the incident to relevant data protection authorities. In a public statement, the company emphasized that it is taking the breach seriously and is implementing additional security measures, including:

• Enhanced internal monitoring

• Re-educating staff on detecting and preventing vishing attacks

• Strengthening CRM access protocols

“Every cybersecurity incident is an opportunity to learn, strengthen our resilience, and help the wider security community,” Cisco stated.

Previous Incident with IntelBroker

This latest event follows a separate incident in December 2024, when the hacker known as IntelBroker leaked gigabytes of Cisco data, including source code, scripts, and digital certificates. Although Cisco confirmed the data was authentic, it clarified that the files were pulled from a public-facing DevHub resource center and not from any internal systems.

While much of the leaked data was already publicly accessible, some files were inadvertently exposed and not meant to be available externally.

Conclusion

This breach serves as a reminder of the human element in cybersecurity. Even well-secured systems can be vulnerable if attackers successfully manipulate individuals through techniques like vishing. Organizations should continue investing in security awareness training, particularly as threat actors increasingly rely on social engineering to bypass technical defenses.