Cisco: Attacker Accessed Nonsensitive User Data In CRM System
The company said that a voice phishing attack led to the compromise of ‘basic’ Cisco.com user profile data.
Cisco disclosed that a threat actor was able to access Cisco.com user data stored in a CRM system, although the data is not considered to be sensitive.
The compromise impacted “basic account profile information” that had been entered by registered Cisco.com users, Cisco said in its disclosure posted online.
“The actor did not obtain any of our organizational customers’ confidential or proprietary information, or any passwords or other types of sensitive information,” Cisco said.
The networking and security giant said it became aware of the “incident” on July 24, which involved a voice phishing, or vishing, attack that targeted a Cisco representative.
“As a result, the actor was able to access and export a subset of basic profile information from one instance of a third-party, cloud-based Customer Relationship Management (CRM) system that Cisco uses,” the company said in the disclosure post.
Cisco said it “immediately terminated” the attacker’s access to the CRM system instance.
“Our investigation has determined that the exported data primarily consisted of basic account profile information of individuals who registered for a user account on Cisco.com,” the company said.
The data accessed in the attack might include a user’s name, address, email address, phone number and organization name, Cisco said.
Cisco has not disclosed the number of individuals that may have been impacted in the attack.
The company released a statement to CRN Tuesday reiterating the major points of the disclosure, including that “no passwords, sensitive data, or other confidential customer information were accessed” during the incident.
Cisco said it has not identified impacts to any other services or products, or to other CRM instances used by the company.
Cisco added that it plans to implement “further security measures” in the wake of the incident, including “re-educating” staff about vishing attacks.