Hacker Used a Voice Phishing Attack to Steal Cisco Customers’ Personal Information

A cybercriminal has successfully executed a voice phishing (vishing) attack, tricking a Cisco representative into granting them unauthorized access to steal personal information belonging to Cisco.com users. The technology giant disclosed the security incident on Tuesday.

Cisco reported discovering the breach on July 24, attributing the incident to a voice phishing call. According to the company’s disclosure, hackers gained access to and subsequently exported a subset of basic profile information from the database of a third-party, cloud-based customer relationship management (CRM) system.

The compromised data includes sensitive customer details such as name, organization name, address, Cisco-assigned user ID, email address, and phone number. Additionally, account-related metadata, including the account creation date, was also exfiltrated.

Cisco has not publicly disclosed the exact number of Cisco.com users affected by this breach. When approached for comment, a Cisco spokesperson declined to provide specific figures.

This incident is reminiscent of other recent cyberattacks that have targeted companies’ Salesforce data. Notable breaches of this nature have previously impacted U.S. insurance giant Allianz Life, luxury retailer Tiffany and Co., and Australian airline Qantas, among others. Cisco is known to be a customer of Salesforce, as confirmed by the cloud services provider.

The company confirmed that this report was updated to include their response.