Cisco has confirmed that it was the victim of a cyber attack that compromised the basic information of registered users on its Cisco.com platform. The incident was facilitated by a vishing attack, in which an employee was manipulated into providing access to corporate systems. The company became aware of the issue on July 24, 2025, when an attacker managed to access a third-party customer relationship management (CRM) system used by the company.
They have made a mess
The stolen information includes names, organization names, physical addresses, user IDs assigned by Cisco, email addresses, and phone numbers. However, the company emphasized that no passwords or any sensitive data were compromised, which could have increased the risk for its users and customers.
The vishing attack highlights the growing threat of social engineering tactics, which aim to manipulate employees to gain access to internal systems. Cisco acted quickly to terminate the attacker’s access and launched a comprehensive investigation to assess the magnitude of the incident. The company emphasized that the intrusion was limited to a specific CRM and that other internal systems, products, or services were not affected.
As part of its remediation efforts, Cisco is implementing additional security protocols and re-educating its staff on how to recognize and defend against these increasingly sophisticated types of attacks. “We apologize for any inconvenience this incident may have caused,” the company stated, encouraging its customers and partners to reach out to their respective account teams for support.
Finally, Cisco has begun to inform the relevant data protection authorities and will notify affected users when necessary, thus complying with regulatory requirements.