Cyber Incident Victim: New Relic

Date: Oct 2023

Location: United States of America

Summary

New Relic experienced unauthorized access to its internal staging environment through social engineering and stolen employee credentials, enabling attackers to view customer usage data and logs. The breach was contained with no lateral movement into production systems or compromise of stored credentials, though unrelated credential harvesting from external attacks led to proactive password rotations and API key removals for a small number of customer accounts. The company engaged third-party experts, revoked compromised access, and enhanced network controls while confirming no operational disruption.

Description

In November 2023, New Relic confirmed unauthorized access to its internal staging environment, an isolated system hosting customer usage data and operational logs but not telemetry or application data from customer accounts. Attackers gained entry through stolen employee credentials obtained via large-scale social engineering campaigns unrelated to New Relic’s infrastructure. The compromised account allowed access to the staging environment, where threat actors viewed information about how customers interacted with New Relic’s platform. The company detected the intrusion two weeks prior to its November 1 disclosure and immediately revoked the affected employee’s access. Forensic analysis confirmed no lateral movement occurred from the staging environment to New Relic’s production infrastructure or customer accounts in the production environment.

New Relic activated its incident response plan, engaged third-party cybersecurity experts, and conducted a comprehensive assessment of internal systems. The investigation revealed indicators of compromise in a small number of customer accounts, though these credentials were linked to separate credential-stuffing attacks rather than the staging environment breach. As a precaution, New Relic rotated passwords and revoked API keys for potentially affected user accounts. The company implemented enhanced network access controls, deployed additional security tooling to prevent credential theft, and expanded enterprise-wide monitoring capabilities. By December 1, New Relic confirmed containment of the staging environment breach with no further unauthorized activity detected. Impacted customers received direct notifications, while unaffected users were advised no action was required. The incident did not disrupt service operations or compromise credentials stored within the staging environment.
