Limited HubSpot breach reminds us there’s risk in SaaS apps and data storage

HubSpot reported a relatively minor breach as U.S. customers were checking out for the holiday.

Chat with MarTechBot

HubSpot says fewer than 50 customer accounts were victims of a breach in late June, all impacted customers were notified and all has been quiet since the initial incident.

As of May 2024, HubSpot had more than 216,000 customers, so an incident that impacts fewer than 50 doesn’t seem like a big deal, unless of course you’re one of the accounts involved.

What we know: The company is not releasing many details about the incident other than the basic facts. The company said in a June 28 release that it detected a security incident on June 22, 2024, where bad actors were attempting to gain access to customer accounts without authorization.

HubSpot’s detection of the breach triggered its incident response procedures and the company notified impacted accounts. On June 28 and again on July 1, 2024, the company reported no further signs of a problem.

What’s not known at this time is whether the attack was targeting a specific group of HubSpot customers. Back in March 2022, fewer than 30 HubSpot customers were impacted by a data breach, but all of the impacted customers were in the cryptocurrency business.

Why we care: As marketers, our martech stacks are heavily reliant on cloud-based SaaS applications (like HubSpot) and cloud-based data storage from vendors like Amazon’s AWS and Google Cloud. Even on-premise applications and data are a security risk. The applications running in the cloud and the data stored there are at arm’s length from your data security professionals.

More than 80% of the data breaches recorded in 2023 involved data stored in the cloud, according to the Harvard Business Review.

Big breaches impacting millions of consumers get a great deal of attention, like those that struck Sony or Target in years past. But smaller, targeted attacks can be devastating to the businesses that have their data exposed, though they fly under the radar of the national press.

The number of reported data breaches increased 78% from 2022 to 2023. The cost of the average breach surpassed $4 million in 2023 and is up 15% since 2020.

It’s also worth noting that the attack took place in mid-June, a time when employees at many businesses in North America (where HubSpot is headquartered) are heading off to summer vacations and teams are potentially shorthanded. The end-of-year holiday season is known to see an increase in cybercrime, but summer is not without its risks. Notably, managed service provider Kaseya suffered a significant breach over the July 4th holiday in 2021


About the author

Mike Pastore
Mike Pastore has spent nearly three decades in B2B marketing, as an editor, writer, and marketer. He first wrote about marketing in 1998 for (later Jupitermedia). He then worked with marketers at some of the best-known brands in B2B tech creating content for marketing campaigns at both Jupitermedia and QuinStreet. Prior to joining Third Door Media as the Editorial Director of the MarTech website, he led demand generation at B2B media company TechnologyAdvice.

Fuel up with free marketing insights.