Blog
Blog
July 10, 2026
Since the June 2026 security incident involving Klue, OneTrust has provided ongoing updates as our investigation progressed.
As of July 10, 2026, we have completed our technical investigation, validated the scope of the incident and data impacted, and finalized all containment and remediation measures. These included disabling the affected integration, revoking associated access, blocking identified malicious activity, and conducting a comprehensive forensic investigation.
The independent forensic investigation found no evidence of exposure beyond OneTrust's Salesforce environment following the containment measures implemented on June 12, 2026.
While the technical investigation is complete, our post-incident governance and compliance processes remain ongoing, as our internal and external counsel assess regulatory obligations across relevant jurisdictions and complete any remaining notifications.
We will continue to provide updates on any material developments related to this incident.
For more details, customers can access the root cause analysis (RCA) document on the OneTrust Community site.
June 24, 2026
As we continue our investigation into the Klue supply chain incident, we want to share an update with additional details on what happened, the data potentially involved, and how OneTrust responded.
A threat actor used a compromised a third-party integration used by OneTrust and many other companies (the Klue Battlecards app) to gain access to OAuth tokens for connecting Klue with third-party integrations, including Salesforce. The threat actor then used these credentials to access CRM-related data within Salesforce environments.
This integration was used between OneTrust and Klue for CRM and sales intelligence purposes. It was not a customer-configured integration, was not connected to customer OneTrust tenants, and did not provide access into customer-managed OneTrust environments or workflows.
Salesforce has communicated that the unauthorized activity occurred between June 11, 2026 and June 12, 2026.
Upon discovery of the incident, OneTrust immediately disabled the Klue Battlecards integration to prevent further unauthorized access through the compromised integration. OneTrust also:
The information exposed was limited to standard business contact information and related CRM data (such as company, name, email, phone number, title, website, industry, region, amount of deal, lost comments, lead source, type of customer, and billing and shipping addresses), as well as records related to support emails.
There is currently no evidence that passwords, payment card information, customer data processed within the OneTrust platform, or customer tenants were exposed.
OneTrust will be as transparent as possible, however in our role as data controller we are unable to share certain impacted fields containing PII for individuals without consent from those individuals due to privacy considerations.
Given that the potentially exposed information includes names, email addresses, and phone numbers, we recommend customers monitor for any unexpected or suspicious communications, particularly those referencing OneTrust, and verify the authenticity of any requests before responding or sharing information.
If OneTrust identifies any customer-specific remediation or follow-up actions, those customers will be contacted directly.
We will continue to provide updates as the investigation progresses. If you need additional support, please reach out to your appropriate contact at OneTrust or contact our support team here.
June 19, 2026
Trust is at the core of what we do at OneTrust, and we take our responsibility to protect data privacy and security seriously. We want to be transparent about a recent third-party incident associated with market intelligence platform Klue, impacting OneTrust and other organizations.
On June 17, 2026, we identified unauthorized activity within our Salesforce environment associated with a broader security incident impacting Klue’s third-party integration service. As soon as we identified this incident, we took proactive steps to contain the issue and secure our environment.
The activity is linked to a compromised Klue–Salesforce integration that threat actors used to access customer Salesforce environments. Numerous companies were impacted.
We are working diligently to determine the full scope of the incident and validate all impacted data with the support of Klue, third-party cybersecurity vendors, privacy counsel, and forensic experts.
Our investigation to date indicates this incident is isolated to third-party CRM-related data accessible through the Klue–Salesforce integration. As we continue our investigation, we are communicating directly with any customers who require specific remediation or follow-up actions.
We are committed to providing you with timely and transparent updates as our investigation progresses. If you have questions, please reach out to your appropriate contact at OneTrust or contact our support team here.