Overview
On August 20, 2025, Salesloft published a security advisory indicating a compromise related to the Salesforce integration in its Drift AI chat platform. On August 27, 2025, Salesloft released an update confirming all Drift integrations could be affected.
At this time we are confident that our core Sophos and Secureworks systems, and particularly our Salesforce instances, are not impacted. We continue to work with our partners and 3rd parties to understand their risk in relation to Sophos' customer data. We have identified a single edge case impacting 20 customers where limited support case data was in a 3rd party system affected by this incident. Whilst the data exposed is low risk, we are in the process of contacting the affected customers.
Secureworks:
The Secureworks Drift instance and all associated integrations were decommissioned in April 2025.
Sophos:
While Sophos does utilize Drift, it was implemented without any direct connection to Salesforce, significantly reducing the risk of any impact to Sophos customer data.
In response to the advisories, we have taken precautionary steps, including:
- Rotating all secrets and revoking all trusts related to Salesloft Drift
- Reviewing and engaging with all subprocessors integrated with Drift to confirm their status
Current subprocessor status:
- Salesforce - Confirmed not impacted
- Eloqua - Awaiting vendor confirmation
- 6sense - Confirmed not impacted
We will continue to update this advisory as we learn more from our investigations.