A cybercriminal used a convincing phone call to breach Cisco’s defenses, gaining access to sensitive personal information belonging to Cisco.com users. The incident, which Cisco confirmed in early August, underscores the persistent threat of voice-based phishing, or 'vishing,' in today's cybersecurity landscape.
The breach came to light on July 24 after Cisco investigators discovered that an attacker had tricked a company representative over the phone. Posing as a legitimate contact, the hacker secured access credentials linked to a third-party, cloud-based customer relationship management (CRM) system.
A New Wave of CRM-Targeted Attacks
Once inside, the intruder exported a trove of user data, including names, organization details, physical and email addresses, phone numbers, and other account-specific information. While the exact number of affected users has not been disclosed, Cisco confirmed that only a subset of customer profiles stored in the external CRM was compromised.
This attack isn’t isolated. Over the past year, tech giants and global brands, including various Salesforce customers, have experienced similar breaches. Cybercriminals increasingly target CRM platforms, as these systems aggregate valuable, up-to-date personal information across thousands or even millions of users.
Did you know?
The term 'vishing' blends 'voice' and 'phishing,' describing scams that use calls instead of email to trick targets into giving up sensitive information.
Company Response and Enhanced Protections
Facing rising public concern, Cisco says it has launched an internal review and is working with cloud providers and law enforcement. The company has prioritized tightening protocols, enhancing verification for sensitive actions, and running new employee training focused on detecting and resisting social engineering tactics.
A Cisco spokesperson emphasized that the company is notifying affected users directly and is providing resources to help them monitor for suspicious activity. Customers are being urged to update passwords and be skeptical of any unsolicited communications, especially those requesting personal data or login credentials.
ALSO READ | Perplexity Under Fire for Scraping Blocked Publisher Content
Industry Braces for More Sophisticated Threats
Security experts warn that vishing represents a fast-evolving risk. Attackers now use realistic scripts, generative AI voice tools, and detailed social media research to craft believable stories.
The recent breach signals a broader industry challenge: as defenses strengthen against email-based phishing, threat actors pivot to more personal channels. With CRM systems remaining critical to business operations, companies face pressure to invest in identity verification, employee awareness, and real-time anomaly detection.
Cisco’s renewed focus on security and transparency is being closely watched across the tech sector, as industry leaders race to adapt to an era where a single phone call can trigger major data exposure. The balance between user convenience and strong protection has never been more urgent.
Comments (0)
Please sign in to leave a comment