Klue says hackers stole credential from 2022 that led to customer data breaches

Klue reported a data breach on March 11, 2024, stemming from a compromised credential used by hackers in 2022. The credential, which was part of a limited pilot program, was not revoked by Klue, allowing threat actors to access a system containing keys for customer data. This incident led to subsequent breaches of customer data. Klue stated that the compromised credential was for a "limited pilot" and that the company is investigating the full scope of the incident. The exact number of affected customers and the specific types of data accessed have not yet been disclosed, but the breach highlights a significant lapse in security protocol management. Klue is working with external cybersecurity experts to conduct a thorough investigation and implement enhanced security measures to prevent future occurrences. The company has also initiated communication with its customers to inform them about the breach and provide guidance on protecting their information.