Published on March 19, 2022
On March 18, we learned that a bad actor compromised a HubSpot employee account. While our investigation is still underway and we continue to learn additional details, our initial assessment suggests that data was exported from fewer than 30 HubSpot portals, all of whom have been notified. At this time, we believe this to be a targeted incident focused on customers in the cryptocurrency industry. We have terminated access for the compromised HubSpot employee account and removed the ability for other employees to take certain actions in customer accounts. We take the privacy of our customers and their data incredibly seriously. For additional information, see this page: https://www.hubspot.com/en-us/march-2022-security-incident.
While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.