Cisco has confirmed a data breach after a voice phishing (vishing) attack tricked a representative into granting access to a third-party CRM system.

The latest in a string of social engineering attacks affecting large technology businesses, networking behemoth Cisco Systems revealed on Thursday that hackers had successfully obtained customer data by targeting one of its employees with a sophisticated voice phishing attempt. On July 24, unauthorized access was discovered involving basic profile details of Cisco.com users, such as email addresses and phone numbers, stored in a third-party cloud-based customer relationship management (CRM) platform.

Cisco's security team claims that hackers tricked a corporate representative into divulging access credentials during what seemed to be a standard phone call by using a tactic called "vishing" or voice phishing. The technique reflects a rising trend in which cybercriminals are increasingly focusing on human flaws instead of technological ones. The attackers were able to export a portion of their CRM database's basic profile data after successfully convincing an employee to provide access, a Cisco representative stated in a statement sent to impacted customers.

The fact that even tech-savvy businesses like Cisco may be duped by these easy tactics is concerning. Organizations spend millions of dollars on complex security measures, but all of that can be gotten around with one convincing phone call. Cisco has begun notifying affected users and is reviewing its security training protocols for employees. The company emphasized that no client network configurations or important technical data were at risk as a result of this particular event.