They say the loudest breaches don’t always start with alarms sometimes, they start with a friendly voice on the other end of the line.
On July 24, 2025, a notable tech company discovered that a voice phishing (vishing) attack had successfully compromised one of its own representatives. The ironic twist, the attackers didn’t storm the gates, they politely asked to be let in.
The result? A data breach that exposed basic profile information of Cisco.com registered users from a third-party cloud-based CRM system.
What Got Exposed?
- Names
- Organization names
- Physical addresses
- Cisco-assigned user IDs
- Email addresses
- Phone numbers
- Account metadata (e.g., creation dates)
No passwords, no payment data, and no confidential customer intel were exposed according to current findings. The company also confirmed that the breach did not affect internal products or services.
Still, the stolen data is enough to fuel further phishing attacks, impersonation, or targeted social engineering campaigns, and that’s no small matter.
Likely Culprits
While Cisco has not officially confirmed the source of the breach, signs point to an on going wave of attacks targeting Salesforce CRM environments, using sophisticated vishing and social engineering tactics.
The Shiny Hunters extortion group has been tied to similar breaches in recent weeks, affecting companies
Still the Weakest Link
Let’s be honest: no firewall can filter outa convincing voice on the other end of a phone call.
In this case, the attacker didn’t exploit zero-days or decrypt servers. They simply manipulated a human, gaining access to a CRM platform that lived outside Cisco’s internal ecosystem and held valuable user information.
To Cisco’s credit, they terminated access immediately, launched an investigation, and notified data protection authorities and impacted users where legally required.
They also committed to re-educating staff on vishing awareness, a step that’s necessary, but often too little, too late.
MITIGATIONS
If you're a CISO, GRC lead, or just a security-conscious executive, here’s how to avoid being the next headline:
- Treat third-party CRMs like internal assets.
- Use role-based access, MFA, and geofencing.
- Audit who has access, and why.
- Don’t let one CRM instance hold all your eggs.
- Separate PII, metadata, and sensitive org info using data segmentation and field-level encryption.
- Watch for increased phishing attempts using the stolen Cisco.com details.
- Alert customers to email impersonation risk and possible brand spoofing.
- Invest in Threat Intelligence department of an MSSP to monitor breach forums and Telegram channels for signs of leaked Cisco user data and of the vital company data or credentials.
Reinforce the human firewall, before your next call turns into your next breach!!
.png)
.png)