Cyber Incident Victim: SailPoint
Date: Apr 2026
Location: United States of America
Summary
SailPoint disclosed that unauthorized access was detected in a subset of its GitHub repositories, which was promptly contained by its incident response team. The breach stemmed from a vulnerability in a third‑party application that has since been patched. An investigation conducted with an external cybersecurity firm found no evidence that customer data in production or staging environments were accessed or that services were disrupted. The company notified affected customers that their information might have been in the accessed repositories and advised that no further action was required. SailPoint did not release details about the specific data compromised, the attack vector beyond the third‑party flaw, or the identity of the threat actor, and noted uncertainty about any connection to recent supply‑chain activity attributed to the TeamPCP group.
Description
On April 20, 2026, SailPoint detected unauthorized access to a subset of its GitHub repositories. The company's incident response team quickly terminated the unauthorized activity and resolved the issue. The intrusion was identified on the same day it occurred and was immediately contained. SailPoint disclosed the incident in a filing with the Securities and Exchange Commission.

SailPoint said the repositories were compromised through a vulnerability in a third‑party application. The underlying issue has been addressed, according to the company. The investigation, carried out in collaboration with a third‑party cybersecurity firm, found no evidence that customer data in production or staging environments were accessed. It also determined that SailPoint’s services were not interrupted as a result of the breach.

SailPoint told the SEC that it had directly notified customers whose information was stored in the accessed repositories. The company informed its customers generally that no additional actions were required at this time. SailPoint has not shared further details about the attack, the type of data that might have been compromised, or the identity of the threat actor. It remains unclear whether the intrusion is connected to the recent software supply chain attacks claimed by the TeamPCP hacking group.
