Friday, October 3, 2025 Update
Cisco is aware of the recent claims by the suspected actor regarding this event. We promptly assessed those claims, and have not seen any evidence that the actor obtained any information beyond what we initially assessed in July 2025.
First Published: Friday, August 1, 2025
Overview
On July 24, 2025 (GMT+9), Cisco was made aware of an incident involving a bad actor targeting a Cisco representative through a voice phishing attack, also known as vishing. As a result, the actor was able to access and export a subset of basic profile information from one instance of a third-party, cloud-based Customer Relationship Management (CRM) system that Cisco uses.
Upon learning of the incident, the actor’s access to that CRM system instance was immediately terminated and Cisco commenced an investigation. Our investigation has determined that the exported data primarily consisted of basic account profile information of individuals who registered for a user account on Cisco.com (name, organization name, address, Cisco assigned user ID, email address, phone number, and account-related metadata – such as creation date).
The actor did not obtain any of our organizational customers’ confidential or proprietary information, or any passwords or other types of sensitive information. Cisco did not identify any impact to our products or services, and no other Cisco CRM instances were affected.
Cisco has engaged with data protection authorities and notified affected users where required by law.
Every cybersecurity incident is an opportunity to learn, strengthen our resilience, and help the wider security community. We are implementing further security measures to mitigate the risk of similar incidents occurring in the future, including re-educating personnel on how to identify and protect against potential vishing attacks.
We apologize for any inconvenience or concern that this incident may have caused. Customers and partners with additional questions are encouraged to contact their account teams.
Resources
https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks
This document is part of the Cisco Security portal. Cisco provides the official information contained on the Cisco Security portal in English only.
This document is provided on an “as is” basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information in the document or materials linked from the document is at your own risk. Cisco reserves the right to change or update this document without notice at any time.