ServiceNow Discloses Customer Data Query Incident
ServiceNow warned customers of a security incident where attackers exploited an unauthenticated API endpoint flaw to query data from certain customer instances. Instances commonly contain IT tickets, employee records, and configuration data. The company deployed a fix on June 5, notified affected customers, and advised log reviews for specific suspicious activity.
- customer instance data
- IT support tickets
- employee records
ServiceNow has disclosed a security incident in which attackers exploited an unauthenticated API endpoint to query customer instance data, potentially exposing IT support tickets, employee records, and configuration details from affected organizations.
According to public reporting, the flaw allowed unauthorized access to certain customer instances that commonly store sensitive operational data. The company deployed a fix on June 5, 2026, notified impacted customers directly, and recommended they review logs for specific indicators of suspicious activity. Available reporting describes the exposed information as including IT support tickets and employee records, though the exact number of individuals affected remains unknown. The incident was first detailed by BleepingComputer and has prompted organizations to examine whether their ServiceNow environments were among those queried.
Want the rest of this breakdown?
Sign up free to keep reading. Members get extended access, the weekly breach digest, and a complimentary Warden™ to see if their identity is exposed in the breaches we cover.
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →