At Druva, we are committed to protecting customer data and operating with transparency. For these reasons, we’re sharing the following information to help our customers protect their organizations.
What Happened & What Did We Do?
Salesforce notified us of an incident affecting multiple organizations, including Druva, through the third-party Salesloft Drift application. In response, we immediately followed the guidance from Salesforce and Salesloft to disable the connections between Salesloft Drift and Salesforce and launched an investigation with our external cybersecurity experts to understand how this incident affects Druva and our customers.
The investigation is now complete and we are sharing our findings here.
Findings: No Impact to Druva Products or Customer Data
We can confirm that this issue did not involve access to any of Druva’s products, services, or underlying product infrastructure or customer data stored on Druva products. Through the investigation, we discovered evidence that an unauthorized user leveraged Salesloft’s integration into Salesforce.com to access certain information in Druva's Salesforce instance, which we use for customer support and case management, such as business contact data.
We have notified any impacted organizations. The scope of this incident is limited, and if Druva has not contacted you, there is no action required.
How Can We Help?
Our teams remain focused on supporting you with the enterprise-class service you expect. If you have any concerns or need additional assistance, please contact Druva Customer Success or Support through your existing channels.