SailPoint Confirms GitHub Repository Breach, Says No Customer Data Compromised
SailPoint reported a GitHub repository breach on April 20, 2026, traced to a patched third-party app flaw, and confirmed no customer data was accessed.

**On April 20, 2026, SailPoint spotted unauthorized access to a subset of its GitHub repositories, contained the breach, and found no compromise of customer data.**
SailPoint provides identity governance software for enterprises. It stores configuration and code in GitHub repositories that support its products.
On April 20, 2026, SailPoint's security team detected unauthorized activity in some repositories. With help from a third-party cybersecurity firm, they traced the entry point to a vulnerability in a third-party application that had already been patched.
The investigation, aided by the same firm, found no evidence that attackers accessed customer data in production or staging environments or disrupted services.
SailPoint notified affected customers and said they need take no further action.
The incident shows that even security vendors can be exposed through supply-chain links, but rapid containment and clear communication limited potential harm. No customer data loss means the breach likely stayed confined to internal code or configuration repositories.
Organizations should enforce multi-factor authentication on all GitHub accounts, enable secret scanning and push protection, review and limit OAuth token scopes, and apply the principle of least privilege to service accounts. They should also monitor for anomalous GitHub API activity with detection rules mapped to MITRE ATT&CK techniques such as T1078 (Valid Accounts) and T1133 (External Remote Services). Keeping third-party dependencies up to date and tracking vendor advisories helps close similar gaps.
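One way to monitor for the anomalous repository access described above, as an added example that is not from SailPoint or the original article: a scan of audit events that flags any token or account reading an unusual number of distinct repositories in a short window. The field names are assumed to follow GitHub's audit log JSON export, and the sample events, thresholds and the `flag_repo_fanout` helper are constructed for illustration.

```python
import json
from collections import defaultdict

WATCHED = {"git.clone", "git.fetch"}  # repository read actions to track

def _ev(minute, actor, repo, token, action="git.clone"):
    """Build one constructed audit event (timestamp in epoch milliseconds)."""
    return json.dumps({"@timestamp": 1_700_000_000_000 + minute * 60_000,
                       "action": action, "actor": actor,
                       "repo": repo, "hashed_token": token})

# Constructed sample. Assumed fields: "@timestamp", "action", "actor", "repo",
# "hashed_token". A developer reads two repos an hour apart; an integration
# token reads five repos in four minutes.
SAMPLE_LOG = [
    _ev(0, "dev-alice", "acme/web", "tok-a"),
    _ev(55, "dev-alice", "acme/api", "tok-a", "git.fetch"),
    _ev(10, "ci-integration", "acme/web", "tok-b"),
    _ev(11, "ci-integration", "acme/api", "tok-b"),
    _ev(12, "ci-integration", "acme/infra", "tok-b"),
    _ev(13, "ci-integration", "acme/deploy", "tok-b"),
    _ev(14, "ci-integration", "acme/secrets-config", "tok-b"),
    _ev(15, "dev-alice", "acme/web", "tok-a", "repo.create"),  # not watched
    "not json",  # a malformed line must not stop the scan
]

def flag_repo_fanout(lines, window_ms=10 * 60_000, max_repos=3):
    """Return {identity: sorted repos} for identities that read more than
    max_repos distinct repositories inside any window_ms span."""
    per_identity = defaultdict(list)
    for line in lines:
        try:
            ev = json.loads(line)
            if ev.get("action") not in WATCHED:
                continue
            ident = ev.get("hashed_token") or ev["actor"]  # prefer the token
            per_identity[ident].append((int(ev["@timestamp"]), ev["repo"]))
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # skip malformed or incomplete records
    flagged = {}
    for ident, events in per_identity.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window_ms:
                start += 1  # slide the window forward
            repos = {repo for _, repo in events[start:end + 1]}
            if len(repos) > max_repos:
                flagged.setdefault(ident, set()).update(repos)
    return {ident: sorted(repos) for ident, repos in flagged.items()}
```

Grouping by token rather than by user name keeps a single compromised integration credential visible even when it acts on behalf of several accounts.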
Watch for any follow-up disclosures from SailPoint regarding the specific third-party application involved and any updates to its security posture.