Dive Brief:
- HubSpot is responding to a series of intrusions impacting dozens of customers’ accounts, the company said Friday in a disclosure on its investor relations site.
- The customer relationship management firm said it identified a security incident involving unauthorized access to HubSpot customers’ accounts on June 22. “While our investigation is still underway, we believe based on our initial assessment that the bad actors were able to gain unauthorized access to less than 50 HubSpot accounts,” the company said.
- All impacted customers have been notified and the last confirmed instance of unauthorized access occurred Thursday, HubSpot said. The company did not explain how the attackers gained access and declined to answer questions.
Dive Insight:
HubSpot did not say if it was directly attacked but described the incident as “isolated to a small subset of the HubSpot customer base.” The Cambridge, Massachusetts-based company said it has more than 216,000 business customers.
“Since June 22, we have contacted impacted customers and taken necessary steps to revoke the unauthorized access to protect our customers and their data,” the company said. “In addition, the HubSpot security team has been actively investigating and blocking attempts to gain access to customer accounts.”
HubSpot has not disclosed the intrusion to the Securities and Exchange Commission, which is required four business days after determining a cyber incident is material. The company said it will share additional information when its investigation concludes.
