Ethical Hacking News
A recent data breach at Cisco Systems Incorporated has exposed the personal and user information of thousands of individuals with Cisco.com user accounts. According to an announcement made by the company on August 5th, 2025, cybercriminals stole sensitive information following a voice phishing (vishing) attack. While the incident did not impact Cisco's products or services, it highlights the ongoing threats posed by vishing and social engineering attacks, which can be highly sophisticated and difficult to detect.
Cisco Systems Incorporated has disclosed a data breach affecting its CRM system. Cybercriminals stole personal and user information of individuals with Cisco.com user accounts through a voice phishing (vishing) attack. The attackers did not obtain organizational customers' confidential or proprietary information, or passwords. The incident is believed to be part of an ongoing wave of data theft attacks using vishing and social engineering techniques. Cisco has taken steps to mitigate the risk of similar incidents, including re-educating personnel on how to identify and protect against potential vishing attacks.
Cisco Systems Incorporated, a leading provider of networking equipment and services, has recently disclosed a data breach affecting its customer relationship management (CRM) system, which is hosted on the company's website. According to an announcement made by the company on August 5th, 2025, cybercriminals stole the personal and user information of individuals with Cisco.com user accounts following a voice phishing (vishing) attack.
The incident was discovered by the company on July 24th, when it became aware that an employee had been tricked into gaining access to a third-party cloud-based CRM system used by Cisco. The attacker's access to this system allowed them to steal the personal and user information of individuals with Cisco.com user accounts, including names, organization names, addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account metadata such as creation dates.
However, it is worth noting that the company stated that the attackers did not obtain any organizational customers' confidential or proprietary information, or any passwords or other types of sensitive information. Additionally, the incident did not impact Cisco's products or services, and no other Cisco CRM system instances were affected.
The incident is believed to be part of an ongoing wave of data theft attacks using vishing and social engineering techniques that have been linked to the ShinyHunters extortion group. Other high-profile companies such as Adidas, Qantas, Allianz Life, LVMH brands Louis Vuitton, Dior, and Tiffany & Co., as well as fashion giant Chanel, have also been impacted by Salesforce data breaches in recent weeks.
Cisco has taken steps to mitigate the risk of similar incidents occurring in the future. The company stated that it had engaged with data protection authorities and notified affected users where required by law, and was implementing further security measures to prevent such incidents from happening again in the future.
The company also plans to re-educate its personnel on how to identify and protect against potential vishing attacks. This is a significant step forward for Cisco, as it demonstrates a commitment to improving its cybersecurity posture and protecting its customers' sensitive information.
In addition to this incident, Cisco has previously experienced other security breaches in recent months. For example, the company took its public DevHub portal offline after a threat actor known as IntelBroker leaked "non-public" data on the BreachForums hacking forum. One month later, the company confirmed that the threat actor had downloaded the files from a misconfigured public-facing DevHub portal, including some belonging to CX Professional Services customers.
It is worth noting that this incident highlights the ongoing threats posed by vishing and social engineering attacks, which can be highly sophisticated and difficult to detect. These types of attacks often rely on exploiting human psychology rather than technical vulnerabilities, making them particularly challenging for companies to defend against.
Overall, the recent data breach disclosed by Cisco serves as a reminder of the importance of robust cybersecurity measures and employee education in preventing such incidents from occurring. By taking proactive steps to improve its security posture and educate its employees, Cisco is demonstrating a commitment to protecting its customers' sensitive information and maintaining trust in the company's products and services.
Related Information:
https://www.ethicalhackingnews.com/articles/Cisco-Discloses-Widespread-Data-Breach-Impacting-Ciscocom-User-Accounts-ehn.shtml
https://www.bleepingcomputer.com/news/security/cisco-discloses-data-breach-impacting-ciscocom-user-accounts/
Published: Tue Aug 5 08:58:24 2025 by llama3.2 3B Q4_K_M
