Klue, a market research provider, has confirmed a massive data breach in which hackers stole sensitive information from several of its customers. The company revealed on Monday that its systems were compromised on June 12, and the hackers demanded payment to release the stolen data.
However, since then, Klue has been in communication with the hacker group, known as “Icarus.” According to Klue, Icarus claims to be deleting the stolen data. The company believes this is true, citing indications that Icarus is taking steps to erase the data.
The breach affected multiple high-profile companies, including Gong, Jamf, and LastPass. Icarus initially threatened to release the stolen customer data unless Klue paid a ransom.
But in a surprising twist, Icarus revealed that there was another group of hackers trying to extort its customers directly. This second gang posted a list of allegedly affected companies on their website, claiming they had stolen Klue’s customer data from Icarus’ servers.
Klue has assured its customers that the stolen data is only partial and that this second group claims to have made a mistake in accessing the server where the data was stored. The company advises its customers who are in touch with this second group to request a random sample of their data as proof of possession.
The breach occurred due to a 2022 third-party credential that was part of a limited pilot, which hackers used to gain access to Klue’s systems and steal sensitive authentication keys. Klue has not disclosed more details about the compromised credential or why it wasn’t revoked in the last four years.
Source: https://techcrunch.com/2026/06/25/hacked-klue-says-criminals-are-deleting-stolen-customer-data-but-now-other-hackers-are-making-threats