ACCORDING to the SEC filing, SailPoint’s identity management and governance provider incident occurred on 20 April 2026 and was immediately contained. The company said the repositories were compromised through a vulnerability in a third‑party application, and that the underlying issue has been addressed. SailPoint’s investigation, conducted with a third‑party cybersecurity firm, found no evidence that customer data in production or staging environments were accessed or that services were interrupted.
The firm also stated it had directly notified customers if their information was stored in the accessed repositories and that no further actions were required at this time. SailPoint did not share additional information on the attack or the type of data potentially compromised, and it did not name the threat actor; it remains unclear whether the incident is related to recent supply chain attacks claimed by the TeamPCP hacking group.