8x8 (EGHT) details Salesforce integration cyber incident impacting customer data
Filing Impact
Filing Sentiment
Form Type
8-K
Rhea-AI Filing Summary
8x8, Inc. reported a material cybersecurity incident involving a third-party integration to its Salesforce customer system. Between June 11 and 12, 2026, an unauthorized threat actor exploited the Klue Labs integration and accessed 8x8’s Salesforce environment.
The actor exfiltrated competitively sensitive information on current, former and prospective customers, including fragmented contract and opportunity data, sales team notes, and business contact details. 8x8, Klue and Salesforce disabled the compromised integration and removed the unauthorized access, and 8x8 is adding further security measures.
The company states that its core information systems remain operational, its ability to serve customers has not been affected, and, based on its investigation to date, it does not expect a material impact on operations, financial condition or results. 8x8 is continuing its investigation and notifying relevant regulatory authorities.
Positive
- None.
Negative
- None.
Insights
8x8 reports a third-party Salesforce-linked data breach it does not expect to be financially material.
8x8 describes a cyber incident where a threat actor exploited the Klue Labs integration to its Salesforce system and exfiltrated competitively sensitive customer information. The company emphasizes that the incident was limited to Salesforce data accessible via this integration.
Operationally, 8x8 reports no disruption to its ability to serve customers and no broader system outages. The filing notes ongoing investigation and additional security measures, as well as notifications to relevant regulators, which aligns with common incident-response expectations.
Financially, management states the incident is not expected to materially affect operations, financial condition or results, though this depends on future findings and any regulatory or customer responses. Investors may focus on future disclosures about remediation progress and any referenced regulatory interactions in subsequent company filings.
8-K Event Classification
Item 1.05 — Material Cybersecurity Incidents
1 item
Item 1.05
Material Cybersecurity Incidents
Business
A cybersecurity incident that the company has determined to be material to investors.
Key Figures
Incident access window: June 11–12, 2026
Incident discovery date: June 13, 2026
8-K signature date: June 23, 2026
3 metrics
Incident access window
June 11–12, 2026
Period when unauthorized access to Salesforce system occurred
Incident discovery date
June 13, 2026
Date 8x8 was informed of the unauthorized access
8-K signature date
June 23, 2026
Date the report was signed by the Chief Financial Officer
Key Terms
Material Cyber Security Incident, third-party application programming integration, exfiltrated, competitively sensitive information, +1 more
5 terms
Material Cyber Security Incident regulatory
"Item 1.05. Material Cyber Security Incident."
third-party application programming integration technical
"exploited the Klue Labs, Inc. (“Klue”) third-party application programming integration"
exfiltrated technical
"The threat actor gained unauthorized access and exfiltrated certain information"
competitively sensitive information financial
"The threat actor exfiltrated certain competitively sensitive information about current, former and prospective customers"
forward-looking statements regulatory
"This report contains “forward-looking statements” within the meaning of federal securities laws"
Forward-looking statements are predictions or plans that companies share about what they expect to happen in the future, like estimating sales or profits. They matter because they help investors understand a company's outlook, but since they are based on guesses and assumptions, they can sometimes be wrong.
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM | |||||||||||
CURRENT REPORT
Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934
Date of Report (Date of earliest event reported)
(Exact name of registrant as specified in its charter)
(State or other jurisdiction of incorporation) | (Commission File Number) | (I.R.S. Employer Identification Number) | ||||||||||||
(Address of principal executive offices including zip code)
(408 ) 727-1885
(Registrant's telephone number, including area code)
Not Applicable
(Former Name or Former Address, if Changed Since Last Report)
Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:
Securities registered pursuant to Section 12(b) of the Act:
Title of each class | Trading Symbol | Name of each exchange on which registered | ||||||||||||
Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (§230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§240.12b-2 of this chapter).
Emerging growth company ☐
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Item 1.05. Material Cyber Security Incident.
On June 13, 2026, 8x8, Inc. (the “Company” or “we”) was informed that an unauthorized third party threat actor exploited the Klue Labs, Inc. (“Klue”) third-party application programming integration connected to the Company's Salesforce, Inc. (“Salesforce”) customer relationship management system. The threat actor gained unauthorized access and exfiltrated certain information from 8x8’s Salesforce system. This unauthorized access occurred between June 11 and 12, 2026.
Upon discovery, 8x8 and Klue, with support from Salesforce, took immediate steps to disable the compromised integration and removed the unauthorized access. The threat actor exfiltrated certain competitively sensitive information about current, former and prospective customers of the Company, including fragmented contract and opportunity information, sales team notes, and contact information (names, business addresses, phone numbers and email addresses of the customers). Our investigation to date indicates that this incident was isolated to information stored in 8x8’s Salesforce system that was accessible through the Klue integration. The Company has and continues to implement additional security measures to reduce the risk of similar unauthorized access in the future.
As of the date of this report, other than the Company’s response and remediation activities, the incident has not had an impact on the Company’s business or operations. The Company’s ability to serve customers has not been impacted, and its information systems remain operational and undisrupted. We continue to investigate the extent of the incident including examining the information accessed. We are in the process of notifying the relevant regulatory authorities with respect to the unauthorized access. While the Company has determined this incident is reportable under Item 1.05 of Form 8-K due to the nature of the information accessed, based on the investigation to date, the incident is not expected to have a material impact on the Company’s operations or the Company’s financial condition or results of operations.
Forward-Looking Statements
This report contains “forward-looking statements” within the meaning of federal securities laws, including the Private Securities Litigation Reform Act of 1995, Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. Any statements contained herein which do not describe historical facts, including, statements regarding plans, expectations and beliefs about the incident, the Company’s incident response, the scope and impact of the incident on the Company’s systems, customers, financial condition or results of operations, and the Company’s investigation, containment and remediation efforts, are forward-looking statements based on management’s current expectations and beliefs and involve risks and uncertainties that could cause actual results to differ materially from those discussed in such forward-looking statements, including the risk that the Company’s has underestimated the scope of or impacts from the incident, the possibility that containment and remediation efforts may not be successful and other risk and uncertainties contained in the documents filed by the Company with the Securities and Exchange Commission. The Company cautions you not to place undue reliance on any forward-looking statements, which speak only as of the date they are made and the Company disclaims any obligation to publicly update any forward-looking statements, whether as a result of new information, future events or otherwise.
SIGNATURES
Pursuant to the requirements of the Securities Exchange Act of 1934, as amended, the Registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.
Date: June 23, 2026
| 8x8, Inc. | ||||||||
| By: /s/ KEVIN KRAUS | ||||||||
| Kevin Kraus | ||||||||
| Chief Financial Officer (Principal Financial Officer and Principal Accounting Officer) | ||||||||
FAQ
What cybersecurity incident did 8x8 (EGHT) disclose in this 8-K filing?
8x8 reported that an unauthorized threat actor exploited a Klue Labs integration connected to its Salesforce system. The actor accessed and exfiltrated competitively sensitive customer information, including fragmented contract data, opportunity details, sales notes and business contact information stored in 8x8’s Salesforce environment.
Which systems and data were affected in 8x8’s June 2026 cyber incident?
The incident affected information stored in 8x8’s Salesforce customer relationship management system accessible through the Klue integration. Exfiltrated data included certain competitively sensitive customer details and business contact information. The company states other information systems remain operational and were not disrupted by the incident.
Did 8x8 (EGHT) report operational disruption from the cyber incident?
8x8 states the incident has not impacted its business operations beyond response and remediation efforts. The company reports its ability to serve customers was not affected, and its information systems remain operational and undisrupted as of the report date, based on its ongoing investigation.
Does 8x8 expect a material financial impact from the cybersecurity incident?
Based on its investigation to date, 8x8 does not expect the incident to have a material impact on operations, financial condition or results. However, it characterizes the event as reportable due to the nature of the information accessed and continues to examine the incident’s full scope.
Why did 8x8 classify this as an Item 1.05 material cybersecurity incident?
8x8 determined the event was reportable under Item 1.05 because of the nature of the information accessed and exfiltrated. At the same time, it indicates that, based on current findings, the incident is not expected to materially affect its operations, financial condition or results of operations.