ControlUp is aware of a cybersecurity incident involving Klue, a third-party vendor used for competitive intelligence services. Based on our investigation to date, the incident resulted in unauthorized access to certain business data contained within our Salesforce environment through Klue’s integration.
Transparency with our customers is one of our core commitments. As part of that commitment, we have shared the communication below with affected customers outlining what occurred, what information may have been involved, and the actions we have taken in response.
We understand you may have questions. As our investigation continues and additional verified information becomes available, we will update this page to ensure you have the latest information. If you have any questions, please reach out to privacy@controlup.com.
Email sent on June 26, 2026:
Dear Valued Customer,
We’re writing to inform you of a cybersecurity incident affecting Klue, a third-party competitive intelligence vendor that ControlUp uses for internal go-to-market purposes. Earlier today, we learned that the incident previously reported on by Klue resulted in unauthorized access to data held within ControlUp’s Salesforce environment.
We would like to emphasize that ControlUp’s solutions, production environment and all infrastructure have not been harmed or compromised.
The purpose of this email is to inform our customers of what has occurred, what it means for your information, and what we have done to ensure no additional exposure.
As previously published by Klue, the attack originated at Klue and affected the integration layer between Klue and Salesforce. ControlUp was not specifically targeted, nor did we have reason to believe any information had leaked until this morning.
Our investigation has confirmed that the unauthorized access was limited to business data held within our Salesforce CRM system and may include business contact details, subscription and product account information, and sales-related communications and data. Our investigation shows no lateral movement beyond the Salesforce integration layer.
Immediately upon notification by Klue, ControlUp disabled its Klue integration within Salesforce and completely discontinued ControlUp’s use of the Klue solutions. ControlUp also launched a full investigation of logs and events.
Please note that no action is currently required on your part. However, because the accessed data includes business contact information, we recommend remaining vigilant against unsolicited communications, including those that may appear to arrive from ControlUp.
For further details, please look to the updated blog post on our website: https://www.controlup.com/blog/klue-incident or reach out to privacy@controlup.com for specific questions.
We will continue to investigate this incident and will provide further updates if our findings change.