April 02, 2026

Hackers Claim Theft of 3 Million Salesforce Customer Records from Cisco

cisco-salesforce-hackers

By James Stephen

Reports have emerged that a criminal extortion group is attempting to blackmail Cisco after allegedly stealing more than three million Salesforce customer records. Cisco has not confirmed the claims, but they have circulated widely across security media over the past 48 hours. The story lands at a particularly sensitive moment with consumer trust in how AI systems handle personal data already under strain, as recent UK consumer research found.

The Story So Far

The group making the claims is ShinyHunters, a criminal hacking and extortion outfit active since 2019 and known for high-impact data theft operations. According to reporting by Cybernews, the group posted a “FINAL WARNING” notice on its dark web victim page on 31 March, asserting it had obtained over three million Salesforce records containing personally identifiable information, alongside GitHub repositories and AWS cloud data. ShinyHunters issued a deadline of 3 April, threatening data exposure if its demands were not met.

The post revealed the use of three separate breach vectors: a voice phishing attack, a vulnerability in Salesforce’s Aura Experience Cloud, and compromised AWS accounts. Cybernews researchers stated: “We cannot confirm the ShinyHunters’ claims as they did not upload the data yet, but looking at the sample screenshots, it seems plausible.” The outlet added that the stolen customer data could now be used for further targeted attacks against Cisco customers via fraud, social engineering and other scams.

One of the three breaches mentioned by ShinyHunters had already been publicly acknowledged by Cisco. In July 2025, the company confirmed that a bad actor had gained access to a third-party, cloud-based CRM system through a voice phishing attack targeting one of its representatives. Cisco stated at the time that the exported data consisted primarily of basic account profile information, including names, email addresses and phone numbers, and that no confidential customer data or passwords were obtained.

The latest attack may be linked to a recent Trivy supply chain compromise, as reported by Bleeping Computer, in which the attackers stole multiple AWS keys and cloned more than 30 GitHub repositories. It reported that some of these stolen repositories had been said to belong to corporate customers, including banks, BPOs, and US government agencies.

Trust Issues in CX

These allegations place Cisco in an uncomfortable position, given that it recently promoted new security capabilities aimed at addressing the trust barriers holding back wider adoption of AI agents, including tools intended to reassure customers about data governance and automated decision-making. For a company publicly aligned with building safer AI experiences, high-profile security allegations could be damaging to its reputation.

The broader picture is one of fragile consumer confidence. Customers increasingly expect businesses to be transparent about how AI uses their data and are even willing to pay more for brands they trust. Incidents of this nature, however, even when unconfirmed, can harden that scepticism.

The Potential Fallout

AI systems in customer experience depend on high-quality, trusted data to personalise interactions, adapt to customer needs, and drive automated decisions. When confidence in data security erodes, the consequences cascade. Customers become more reluctant to engage with AI-driven services, opt-out rates for data sharing rise, and the accuracy of AI systems diminishes as a result. Regulatory scrutiny also tends to intensify, particularly around consent and automated processing, at a time when frameworks governing AI agents are already tightening.

Even when breaches cannot be confirmed, the coverage alone shapes public perception and can slow adoption of the AI tools that brands are increasingly relying on to differentiate their customer experience. As AI amplifies both the benefits and the risks of customer data governance, the foundation of trust that underpins those systems becomes more critical and more exposed. Whether or not the latest ShinyHunters claims are substantiated, the episode is a reminder that CRM data is now among the most valuable, and most targeted, assets in enterprise technology.

Customer Experience CXM News Today's pick

Related articles

Sprinklr's AI Is Hitting Every Number Except the One That Counts Sprinklr’s AI Is Hitting Every Number Except the One That Counts Vonage Embeds Industry-Specific AI Agents Into Its Contact Centre Vonage Embeds Industry-Specific AI Agents Into Its Contact Centre Change Management for CX Teams Tips for Side-Stepping Change Fatigue Change Management for CX Teams: Tips for Side-Stepping Change Fatigue