Update on Salesloft Data Breach Impacting OneSpan

At OneSpan, protecting the confidentiality, integrity, and availability of customer data is a top priority. We are committed to transparency and proactive communication, especially when it comes to security incidents that may affect our customers.

What Happened
On August 22, 2025, Salesforce.com notified OneSpan that we and other Salesforce customers were impacted by a broad supply chain compromise involving the Drift integration (a product owned by Salesloft) with Salesforce. It is now estimated that the number of affected Salesforce.com customers is in the hundreds. This incident was part of a coordinated campaign where a threat actor exploited Drift's OAuth connection to execute unauthorized queries against Salesforce data.

Salesforce and Salesloft have publicly confirmed the nature of the breach and taken steps to contain it. You can read more from their official statements here:

• Salesforce Security Update
• Salesloft Trust Center

What Data Was Accessed
Based on our investigation to date, the unauthorized queries targeted several Salesforce objects, including:

• Accounts
• Opportunities
• Cases

The exposed data appears to primarily include:

• Business contact information
• Product licensing and commercial details
• Support case information

It is important to note that attachments, files, and images were not accessed, and we have no indication that any OneSpan products have been compromised.

What We're Doing
Upon detection, OneSpan took immediate steps to contain, investigate, and mitigate the incident:

• We revoked Drift's access tokens and disabled the integration.
• We engaged external forensic experts to support our investigation and assist with conducting a forensics analysis to understand the scope of the exposure and eliminate the threat.
• We enhanced monitoring across our systems.
• We expanded credential rotation to all our third-party Internet services and accounts as a precautionary measure to prevent the attacker from using compromised data to access other OneSpan systems.
• We continue to analyze our Salesforce case objects data to identify potential exposures of sensitive data to ensure customers receive timely and accurate communication about potential exposures.

What You Should Do
Due to the widespread nature of this incident across multiple companies, we recommend our customers:

• take the proactive steps recommended by Salesforce and leading cybersecurity experts, which can be viewed here; and
• remain vigilant against phishing, smishing, and other forms of social engineering that may target employees whose contact details were stored in Salesforce.

Need Help?
If you have any questions or concerns, please contact the OneSpan Customer Support team [email protected].

Thank you for your continued trust in OneSpan.