Klue Third-Party Cybersecurity Incident
The latest updates from Jamf on the Klue third-party cybersecurity incident. Here's what we know and what we're doing about it.
We are aware of an ongoing incident with Klue, a third-party vendor Jamf uses for competitive intelligence services. The incident occurred within Klue’s environment, where a third-party gained unauthorized access to Jamf’s Salesforce instance data through Klue’s integration.
We are committed to transparency and keeping our customers informed every step of the way. Today, we have shared the below communication with our customers. We understand that you may have questions and/or concerns, as new information becomes available, we will continue to update this post accordingly.
Dear Valued Customer,
We’re writing today to inform you of a cybersecurity incident affecting Klue, a vendor Jamf uses for competitive intelligence services.
The incident occurred within Klue’s environment, where an unauthorized party gained access to Jamf’s Salesforce instance data through Klue’s integration. It is important to note that this incident did not affect Jamf’s products, and there was no impact on our ability to serve our customers.
After receiving notice of the incident from Klue, we immediately disabled Klue’s integration within Salesforce. We have no evidence of lateral movement and have contained the incident on our end. We engaged cybersecurity experts to support our own investigation and took immediate defensive measures to protect our environment. We also notified law enforcement.
We have identified the timeline of unauthorized access to our Salesforce environment and are conducting our own review to understand what data was impacted. While this investigation is ongoing, we believe the impact was primarily limited to business data fields within the Salesforce environment. Please rest assured that we are approaching this incident with the utmost seriousness and care and have dedicated the necessary expertise, time, and resources to our investigation.
Please be advised that it is possible the unauthorized party responsible for the Klue incident may conduct phishing campaigns leveraging the contact information stored within Salesforce. They may pose as legitimate Jamf employees and IT professionals. As a general best practice, we encourage customers to remain vigilant and exercise caution when sharing sensitive information or account credentials with unknown senders and to report any suspicious email to their security team.
We are in active communication with Klue and will provide updates as our findings develop. For the latest information, we encourage you to visit our blog post at jamf.com/blog/klue-incident, where we will continue to post updates as new information becomes available. We are committed to keeping you informed as we learn more.