Salesloft and OneDigital Investment Advisors: OneDigital Data Breach

OneDigital Data Breach Exposes Client Personal Information via Compromised Drift Application

Between August 12 and August 18, 2025, a data breach at OneDigital Investment Advisors exposed sensitive client information after threat actors compromised the Drift application, a tool managed by Salesloft and integrated with Salesforce, OneDigital’s customer relationship management (CRM) platform. The breach was discovered on August 22, 2025, when Salesforce notified OneDigital of the security incident.

An investigation revealed that unauthorized parties accessed and copied data, including client names and Social Security numbers. While the breach stemmed from a third-party vulnerability, OneDigital confirmed its internal networks remained unaffected.

Notifications to impacted individuals began on April 8, 2026, as OneDigital filed disclosures with regulatory authorities, including the Maine Attorney General’s Office. The incident has since drawn legal scrutiny, with attorneys exploring potential class action lawsuits on behalf of affected clients to seek compensation for privacy violations, financial losses, and other damages.

OneDigital, which provides insurance, financial services, and HR consulting, has not disclosed the total number of individuals affected. The breach underscores the risks of third-party integrations in enterprise software ecosystems.

Source: https://www.classaction.org/data-breach-lawsuits/onedigital-april-2026

Drift, a Salesloft company cybersecurity rating report: https://www.rankiteo.com/company/drift

OneDigital cybersecurity rating report: https://www.rankiteo.com/company/weareonedigital

"id": "DRIWEA1775795298",
"linkid": "drift, weareonedigital",
"type": "Vulnerability",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Insurance, Financial Services, HR '
                                    'Consulting',
                        'name': 'OneDigital Investment Advisors',
                        'type': 'Company'}],
 'attack_vector': 'Third-party application compromise (Drift via '
                  'Salesloft/Salesforce integration)',
 'customer_advisories': 'Notifications to impacted individuals beginning April '
                        '8, 2026',
 'data_breach': {'data_exfiltration': 'Yes (unauthorized access and copying of '
                                      'data)',
                 'personally_identifiable_information': 'Client names, Social '
                                                        'Security numbers',
                 'sensitivity_of_data': 'High (Social Security numbers)',
                 'type_of_data_compromised': 'Personally Identifiable '
                                             'Information (PII)'},
 'date_detected': '2025-08-22',
 'date_publicly_disclosed': '2026-04-08',
 'description': 'Between August 12 and August 18, 2025, a data breach at '
                'OneDigital Investment Advisors exposed sensitive client '
                'information after threat actors compromised the Drift '
                'application, a tool managed by Salesloft and integrated with '
                'Salesforce, OneDigital’s customer relationship management '
                '(CRM) platform. The breach was discovered on August 22, 2025, '
                'when Salesforce notified OneDigital of the security incident. '
                'An investigation revealed that unauthorized parties accessed '
                'and copied data, including client names and Social Security '
                'numbers. While the breach stemmed from a third-party '
                'vulnerability, OneDigital confirmed its internal networks '
                'remained unaffected. Notifications to impacted individuals '
                'began on April 8, 2026, as OneDigital filed disclosures with '
                'regulatory authorities, including the Maine Attorney '
                'General’s Office. The incident has since drawn legal '
                'scrutiny, with attorneys exploring potential class action '
                'lawsuits on behalf of affected clients to seek compensation '
                'for privacy violations, financial losses, and other damages.',
 'impact': {'brand_reputation_impact': 'Legal scrutiny, potential class action '
                                       'lawsuits',
            'data_compromised': 'Client names, Social Security numbers',
            'identity_theft_risk': 'High (Social Security numbers exposed)',
            'legal_liabilities': 'Potential class action lawsuits, regulatory '
                                 'fines',
            'systems_affected': 'Drift application (managed by Salesloft), '
                                'Salesforce CRM integration'},
 'initial_access_broker': {'entry_point': 'Drift application (via '
                                          'Salesloft/Salesforce integration)'},
 'post_incident_analysis': {'root_causes': 'Third-party application '
                                           'vulnerability '
                                           '(Drift/Salesloft/Salesforce '
                                           'integration)'},
 'references': [{'source': 'Maine Attorney General’s Office'}],
 'regulatory_compliance': {'legal_actions': 'Potential class action lawsuits',
                           'regulatory_notifications': 'Maine Attorney '
                                                       'General’s Office'},
 'response': {'communication_strategy': 'Notifications to impacted '
                                        'individuals, regulatory disclosures'},
 'title': 'OneDigital Data Breach Exposes Client Personal Information via '
          'Compromised Drift Application',
 'type': 'Data Breach'}