SailPoint Discloses GitHub Repository Hack

Identity management and governance provider SailPoint has disclosed a cybersecurity incident involving its GitHub repositories. In a filing with the Securities and Exchange Commission (SEC), the company revealed that the incident occurred on April 20 and was immediately contained. “On April 20, 2026, we detected unauthorized access to a subset of our GitHub repositories. Our incident response team quickly terminated the unauthorized activity and resolved the issue,” the SEC filing reads. [ Read: Ransomware Group Takes Credit for Trellix Hack ] According to SailPoint, the repositories were compromised through a vulnerability in a third-party application. The underlying issue has been addressed, it said. SailPoint said its investigation into the incident, conducted in collaboration with a third-party cybersecurity firm, has found no evidence that “customer data in our production or staging environments were accessed or that our services were interrupted.” The company told the SEC that it had directly notified customers if their information was stored in the accessed repositories. “[We] informed our customers generally that no additional actions are required at this time,” SailPoint’s SEC filing reads. SailPoint has not shared additional information on the attack, nor on the type of data that might have been compromised. It did not name the threat actor responsible for the incident, and it’s unclear if the intrusion is related to the recent spree of software supply chain attacks claimed by the TeamPCP hacking group. SecurityWeek has emailed SailPoint for additional information on the cyberattack and will update this article if the company responds. Related: Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack Related: ‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials Related: Over 500 Organizations Hit in Years-Long Phishing Campaign Related: Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack WRITTEN BY Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Over 500 Organizations Hit in Years-Long Phishing Campaign AI Firm Braintrust Prompts API Key Rotation After Data Breach ‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover Boost Security Raises $4 Million for SDLC Defense Platform Chrome 148 Rolls Out With 127 Security Fixes Vendor Says Daemon Tools Supply Chain Attack Contained Cisco Patches High-Severity Vulnerabilities in Enterprise Products Latest News Build Application Firewalls Aim to Stop the Next Supply Chain Attack Google Detects First AI-Generated Zero-Day Exploit Skoda Data Breach Hits Online Shop Customers Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks Resurrected ‘Crimenetwork’ Marketplace Taken Down, Administrator Arrested Trending Webinar: ROSI For CPS Security Programs May 13, 2026 In cyber-physical systems (CPS), just one hour of downtime can outweigh an entire annual security budget. Learn how to master the Return on Security Investment (ROSI) to align security goals with the bottom-line priorities. Register Virtual Event: Threat Detection And Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the Move Malwarebytes has named Chung Ip as Chief Financial Officer. Semperis has appointed John Podboy as Chief Information Security Officer. Randy Menon has become Chief Product and Marketing Officer at One Identity. More People On The Move Expert Insights The Mythos Moment: Enterprises Must Fight Agents With Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Why Cybersecurity Must Rethink Defense In The Age Of Autonomous Agents From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase. (Torsten George) Government Can’t Win The Cyber War Without The Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI Of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules Of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) Flipboard Reddit Whatsapp Email