Ransomware victim disclosure
← All victimsCisco Systems, Inc. (cisco.com)
Claimed by Shinyhunters · listed 4 months ago
Status timeline
- ListedApr 1, 2026
- Data leakeddate unknown
At a glance
- Group
- Shinyhunters
- Status
- Data leaked
- Country
- United States
- Sector
- Technology
- Listed on leak site
- Apr 1, 2026
About the victim
AI dossier — public-source company profileCisco Systems, Inc. is a global technology leader headquartered in San Jose, California, specializing in networking hardware, cybersecurity solutions, cloud infrastructure, and AI-driven enterprise software. The company serves over one million customers worldwide, including 99% of the Fortune 500, and reports annual revenues exceeding $50 billion. Cisco's product portfolio spans switches, routers, firewalls, collaboration tools, and observability platforms.
- Industry
- Networking, Cybersecurity & IT Infrastructure
- Address
- 170 West Tasman Drive, San Jose, CA 95134, USA
- Employees
- 80000
- Founded
- 1984
Attack summary
Severity: critical — The threat actor claims exfiltration of over 3 million PII-bearing Salesforce records alongside source code repositories and cloud storage data from one of the world's largest technology companies; the scale, sensitivity, and confirmed exfiltration (data_published status) of regulated personal data across multiple breach vectors meets the critical threshold.ShinyHunters claims to have conducted three separate breaches (UNC6040, Salesforce Aura, and AWS accounts), allegedly exfiltrating over 3 million Salesforce records containing PII, internal GitHub repositories, AWS S3 bucket contents, and other corporate data, threatening to publish all data if Cisco does not respond by 3 April 2026.
Data the group says was taken
AI dossier — extracted from the leak post- Salesforce customer/user PII records (3M+)
- GitHub source code repositories
- AWS S3 bucket contents
- Internal corporate data
What the group claims
3 breaches ( UNC6040 , Salesforce Aura, and AWS accounts). Total over 3M Salesforce records containing PII, Github repositories, AWS buckets and other internal corporate data have been compromised. This is a final warning to reach out by 3 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 31 Mar 2026 | Warning: FINAL WARNING
Sources
- Victim sitecisco.com
Source
Indexed 4 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

