Exclaimer, a third-party provider used by many organisations for email signature management, has been impacted by a recent data security incident.
Please note that Exclaimer’s core systems were not affected, but a third party system used by Exclaimer was compromised, causing some customer information to be leaked.
It’s important to understand what happened, what ONGC is doing to minimise risk and what your responsibilities as a customer are.
What Happened?
Exclaimer disclosed that a third-party integration used by Exclaimer, specifically the “Drift AI chatbot” owned by Salesloft, was exploited to access data connected to their Salesforce and Zendesk environments. While Exclaimer’s core systems (systems used to create signatures etc.) were not breached, the integration allowed unauthorised access to certain business contact information.
What Data Was Accessed
The exposed data includes:
- Company names and addresses
- Employee email addresses submitted in support tickets
- Ticket metadata (e.g., subject lines, issue descriptions, requester names)
It’s important to note that no passwords, financial data, or login credentials were compromised. However, the broader breach at Salesloft has led to the theft of authentication tokens used across multiple platforms (including Google Workspace, Slack, AWS, and Microsoft Azure), raising concerns about potential downstream impacts.
Potential Risks
The primary risk is phishing and social engineering attacks targeting staff using the exposed contact details. Attackers may impersonate trusted services or internal contacts to trick users into clicking malicious links or sharing sensitive information.
Our Response
At ONGC Systems, we proactively implement anti-phishing policies for all customers to minimise the risk of successful phishing attempts. For our Managed Security customers, we are also:
- Reviewing, updating and reinforcing our anti-phishing policies within Microsoft 365
- Ensuring our 24/7 Security Operations Centre (SOC) is aware of this threat and are continuously monitoring for suspicious activity
- Implement additional layers of security to minimise the risk of account compromise
- Validating that Drift integrations are not active within our managed environments
What You Should Do
We strongly recommend the following actions for your staff:
- Stay vigilant: Be cautious of unexpected emails, especially those requesting sensitive information or containing links/attachments.
- Verify sources: If unsure about a message’s legitimacy, contact the sender through known channels.
- Report incidents: Notify ONGC Systems immediately if you suspect phishing or unusual activity.
Need Help?
If you have any questions or concerns, please reach out to us.