Gainsight Security Incident – November 2025
Updated 5 months ago
/ /
Status: No Impact to Simpplr Customer Data
Last Updated: December 1, 2025
Overview
On November 20, 2025, Gainsight, a widely used industry tool, disclosed a security incident involving unauthorized access through their Salesforce-connected applications. Gainsight and Salesforce are actively investigating the issue and providing ongoing updates.
Simpplr does not install or enable Gainsight inside customer tenants. Gainsight is used only by Simpplr internally for certain customer success analytics. As part of our standard security protocols, we immediately reviewed all related systems.
Following that review, we can confirm that there is no impact to any Simpplr customer data.
What Simpplr Has Done
As a precaution, and to ensure continued protection of customer data, Simpplr has:
- Temporarily disabled all internal integrations with Gainsight
- Reviewed our Salesforce and Snowflake access logs
- Verified that no unauthorized access or unusual activity occurred
- Continued to monitor investigation updates from Gainsight and Salesforce
These steps were taken proactively and out of an abundance of caution. We will not re-enable the Gainsight connection until Gainsight confirms it is safe to do so.
What This Means for You
- Your Simpplr tenant was not affected, and no customer data was exposed.
- Gainsight is not enabled in your Simpplr environment.
- No action is required from your team.
- If anything changes or if additional steps become necessary, Simpplr will notify you immediately.
For the latest updates from Gainsight, you may review the following public resources:
- Gainsight Status Page: https://status.gainsight.com
- Gainsight Security FAQ:
https://communities.gainsight.com/community-news-2/salesforce-security-advisory-relating-to-gainsight-faqs-29809
Frequently Asked Questions (FAQ)
1. Was my organization’s data affected by this incident?
No. Our internal investigation confirmed that no Simpplr customer data was impacted, and no unauthorized access was detected.
2. Is Gainsight installed or enabled in my Simpplr tenant?
No. Gainsight is an internal tool used by Simpplr for analytics; it is not part of customer tenants and has no access to your Simpplr environment.
3. Do we need to take any action?
No action is required. If this changes, we will notify you immediately.
4. Why does the communication mention Salesforce if we do not use Salesforce?
Salesforce is referenced because the incident occurred through Gainsight’s integration with Salesforce, not because your organization uses Salesforce.
This has no impact on your environment and requires no Salesforce-related actions.
5. Is the Gainsight integration still disabled?
Yes. Simpplr has kept the Gainsight integration fully disabled as a precaution. It will only be restored once Gainsight confirms the incident is fully resolved.
6. Can we have written confirmation for our security review?
Yes:
“Gainsight is not enabled on your Simpplr tenant, and no Simpplr customer data was impacted by the Gainsight security incident.”
7. Will Simpplr provide updates if new information becomes available?
Absolutely. We will continue to monitor Gainsight’s investigation closely and will notify customers if anything changes.
If you would like a more detailed explanation of Simpplr’s internal investigation, please reach out to Simpplr Support.
Was this article helpful?
Subscribe to receive updates on this article