I wanted to make you aware that Splunk Cloud experienced an incident that has subsequently been resolved. It impacted Splunk Cloud availability for a small number of our customers. In the late afternoon of February 9, we discovered the unauthorized use of a former employee’s credentials which permitted access to a limited portion of our cloud system. Splunk terminated that access in minutes. Based upon our investigation to date, no customer data was viewed, accessed, or taken. We have contacted law enforcement and are cooperating in the investigation.
We have notified all known affected customers, and all customers are back online. Although Splunk took immediate action to terminate the access, a small number of cloud customers had data deleted. We have identified a process that enabled the unauthorized access and immediately took corrective action. This type of access did not allow the user to view or access customer data or personally identifiable information.
Splunk is conducting a thorough review of its systems and processes. We have also retained an independent third-party who is reviewing the entire incident and Splunk’s procedures and will propose further corrective measures, if appropriate.
Our customers are our number one priority, and we apologize for the impact on affected Splunk Cloud customers.