Cisco confirmed on Tuesday that a cybercriminal gained access to personal information belonging to some of its customers by exploiting a voice-based phishing scheme. The incident, discovered on July 24, targeted one of the company’s representatives through what’s known as a “vishing” call — a social engineering tactic that uses convincing phone conversations to trick individuals into revealing access credentials or granting system permissions.
According to Cisco, the attacker managed to infiltrate a third-party cloud-based customer relationship management (CRM) platform used by the company. Once inside, the intruder extracted a portion of customer records containing profile details.
The stolen information includes customers’ names, organization names, addresses, Cisco-issued user IDs, email addresses, phone numbers, and certain account metadata, such as when the account was first created. While Cisco assured that no highly sensitive information like payment details or passwords was compromised, the exposed data could still be used in targeted phishing attempts or identity fraud.
Cisco did not provide exact figures on how many accounts were impacted by this security breach. When contacted, company spokesperson Carro Halpin declined to share specifics about the scale of the incident.
This attack bears similarities to other recent breaches involving the theft of Salesforce customer data. Several high-profile companies — including Allianz Life, Tiffany & Co., and Qantas — have faced comparable security issues where criminals targeted CRM platforms to gather personal data. Cisco is known to be a Salesforce client, which may indicate that this breach is part of a broader campaign focused on exploiting weaknesses in CRM-related security processes.
Security experts have long warned that voice phishing attacks can bypass technical safeguards by manipulating human behavior. Even well-trained employees can be caught off guard by a persuasive scammer, especially when the attacker appears to have insider knowledge or uses urgency as a tactic.
In response to the breach, Cisco has taken measures to secure its systems, notify affected customers, and enhance its security protocols to prevent similar incidents in the future. The company also reminded users to remain cautious of suspicious calls, emails, or requests that could be linked to the stolen information.
This latest incident highlights how attackers are increasingly relying on human-focused exploits rather than purely technical hacks, proving that cybersecurity awareness is just as critical as technological defenses.
