We have been made aware of a supply-chain security incident involving Klue, a third-party provider used by Digital Science alongside other well known, global organizations.
What we know. An unauthorized party compromised the provider’s systems and, through its standard integration with our CRM platform, was able to access a limited set of our CRM data such as business contact information (e.g. names, email addresses, phone numbers) and sales opportunity metadata (e.g. contract start / end dates, company names and addresses).
To confirm, Digital Science products and associated data have not been impacted by this incident and remain fully operational and secure. No valid product access credentials, payment card or sensitive data of any of our customers, prospects or users is known to have been accessed.
What we’ve done. Upon becoming aware of the incident, we immediately disabled all connections to the third-party provider from our systems. We engaged our internal security experts alongside external breach response services via our cyber insurance. A full investigation was conducted with ‘indicators of compromise’ from the vendor and external security organisations, and our IT and infrastructure teams have blocked all such indicators of compromise across our internal and product infrastructure. This includes the blocking of IPs and email domains believed to be associated with the attacker, alongside implementation of other technical controls. A review has been completed of all CRM integrations and as an additional precaution, all integration credentials refreshed.
What happens next. Affected customers have been identified and are in the process of being contacted. If you are affected, you will hear from us.
What we ask of you. As a precaution, please be vigilant about any correspondence that appears to come from Digital Science but does not reach you through our standard channels. Particularly, if you are asked to make a payment or to change existing business information you hold about us. If any communication from us seems unexpected or unusual, verify it with your main Digital Science contact before responding or sharing information.
We understand and appreciate the trust our customers place in Digital Science and are treating this security incident with the diligence and seriousness it deserves. Our internal and external investigation is ongoing and this page will be updated as we have more information.
If you have any questions, please direct them to: ds-sec-comms@digital-science.com.