Redazione RHC : 5 August 2025 16:05
Cisco, a leading global network infrastructure and cybersecurity company, recently announced the impact of a security incident.
Founded in 1984 and headquartered in San Jose, California, Cisco is known for providing technology solutions to enterprises, government agencies, and service providers, covering areas ranging from networking to collaboration to cybersecurity. On July 24, 2025 (GMT+9), the company detected unauthorized access to a cloud-based Customer Relationship Management (CRM) system operated by a third-party following a vishing attack—a form of phishing conducted via voice calls.
According to the official release, the attacker targeted a Cisco representative via a deceptive phone call, bypassing defenses and gaining access to the CRM instance. From there, they exported a subset of basic user profile data.
“Our investigation determined that the exported data consisted primarily of basic account profile information for individuals who had registered on Cisco.com (name, organization name, address, Cisco-assigned user ID, email address, phone number, and account metadata, such as the creation date).”
Cisco immediately terminated the attacker’s access to the compromised system and began a thorough investigation to narrow down the impact of the incident. Preliminary findings have ruled out the involvement of other corporate systems and confirmed that no passwords or proprietary data of enterprise customers were exposed. The incident was confined to that specific CRM instance, and the company has not seen any impact on its products, services, or operational infrastructure.
In compliance with data protection regulations, Cisco has cooperated with the relevant authorities and notified affected users where required. The company also took the opportunity to underscore its ongoing commitment to protecting customer data and improving its defenses against ever-evolving threats. In particular, it announced the adoption of additional preventive measures, including strengthened internal training for staff on how to recognize and respond to vishing attacks.
The statement concludes with a message to customers and partners, inviting them to contact their respective account teams with any concerns or questions. Cisco also expressed regret for any inconvenience caused by the incident, reiterating its commitment to learning from each incident to strengthen its resilience and contribute to the security of the entire technology ecosystem.
Redazione