Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
OneDigital

OneDigital Vendor Cyber Rating & Cyber Score

onedigital.com

OneDigital’s team of fierce advocates helps businesses and individuals achieve their aspirations of health, success and financial security. Our insurance, financial services and HR platform provide personalized, tech-enabled solutions for a contemporary work-life experience. Nationally recognized for our culture of caring, OneDigital’s teams enable employers and individuals to do their best work and live their best lives. More than 100,000 employers and millions of individuals rely on our teams for counsel and access to fully integrated worksite products and services and the retirement and wealth management advice provided through OneDigital Investment Advisors. Founded in 2000 and headquartered in Atlanta, OneDigital maintains offices


OneDigital A.I CyberSecurity Scoring

OneDigital
Company Information
Website:http://www.onedigital.com
Employees number:3,602
Number of followers:62,618
NAICS:5416
Industry Type:Business Consulting and Services
Homepage:onedigital.com
OneDigital Risk Score (AI oriented)
Between 650 and 699
logo
OneDigitalBusiness Consulting and Services
Updated:
10/04/2026
683/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
OneDigital Global Score (TPRM)
xxxx
logo
OneDigitalBusiness Consulting and Services
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

OneDigital
OneDigitalWeak
Current Score
683B (WEAK)
01000
4 incidents
-33 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
688Before Incident
JUNE 2026
687Before Incident
MAY 2026
685Before Incident
APRIL 2026
683Before Incident
MARCH 2026
682Before Incident
FEBRUARY 2026
680Before Incident
JANUARY 2026
678Before Incident
DECEMBER 2025
677Before Incident
NOVEMBER 2025
675Before Incident
OCTOBER 2025
673Before Incident
SEPTEMBER 2025
671Before Incident
AUGUST 2025
730Before Incident
Breach
28 Aug 2025OneDigital
Salesloft (Drift)

Expanded Salesloft Drift Breach Involving Google Workspace OAuth Token Compromise

669After Incident
CRITICAL-61
DRI635082925
The Salesloft Drift breach expanded beyond initial estimates, revealing that attackers exploited stolen OAuth tokens not only to access Salesforce customer instances (including sensitive tables like Cases, Accounts, Users, and Opportunities) but also to compromise a small number of Google Workspace email accounts via the Drift Email integration. The threat actors, tracked as UNC6395, scanned support tickets and messages for AWS access keys, Snowflake tokens, and passwords, likely for future extortion or lateral movement into other cloud environments. Google confirmed the breach was broader than first disclosed, affecting third-party integrations beyond Salesforce. While no Google Workspace or Alphabet systems were directly compromised, the stolen tokens were revoked, and the Drift-Google Workspace integration was disabled pending investigation. Salesloft, with assistance from Mandiant and Coalition, disabled Drift integrations with Salesforce, Slack, and Pardot as a precaution. Customers were advised to rotate all authentication tokens linked to Drift and audit connected systems for unauthorized access. The incident highlights risks in OAuth-based supply chain attacks, where compromised third-party credentials enable deep access to enterprise systems, exposing customer data, internal communications, and cloud credentials to potential misuse in follow-on attacks.
INCIDENT DETAILS -
TYPE
Data BreachUnauthorized AccessCredential TheftOAuth Token Abuse
MOTIVATION
Data ExfiltrationFuture ExtortionCloud Account Compromise
IMPACT
Salesforce Object Data (Cases, Accounts, Users, Opportunities)AWS Access KeysSnowflake TokensPasswordsGoogle Workspace Email Content (limited accounts)Salesforce InstancesGoogle Workspace Email Accounts (via Drift Email integration)Drift AI Chat IntegrationSlack Integrations (disabled)Pardot Integrations (disabled)Disabled Integrations (Drift-Salesforce/Slack/Pardot/Google Workspace)Credential Rotation RequirementsInvestigation OverheadPotential Erosion of Trust in Salesloft/Drift SecurityGoogle Workspace Association RiskHigh (due to exposed AWS/Snowflake credentials and PII in Salesforce/email)
DATA BREACH
Salesforce Object Data (Cases, Accounts, Users, Opportunities)Cloud Credentials (AWS Keys, Snowflake Tokens)Email Content (limited Google Workspace accounts)Support Tickets/MessagesSensitivity Of Data: High (credentials, PII, business-sensitive data)Potential (via Salesforce/email content)
AUGUST 2025
735Before Incident
Vulnerability
12 Aug 2025OneDigital
Salesloft and OneDigital Investment Advisors: OneDigitalData Breach

OneDigital Data Breach Exposes Client Personal Information via Compromised Drift Application

730After Incident
CRITICAL-5
DRIWEA1775795298
OneDigital Data Breach Exposes Client Personal Information via Compromised Drift Application Between August 12 and August 18, 2025, a data breach at OneDigital Investment Advisors exposed sensitive client information after threat actors compromised the Drift application a tool managed by Salesloft and integrated with Salesforce, OneDigital’s customer relationship management (CRM) platform. The breach was discovered on August 22, 2025, when Salesforce notified OneDigital of the security incident. An investigation revealed that unauthorized parties accessed and copied data, including client names and Social Security numbers. While the breach stemmed from a third-party vulnerability, OneDigital confirmed its internal networks remained unaffected. Notifications to impacted individuals began on April 8, 2026, as OneDigital filed disclosures with regulatory authorities, including the Maine Attorney General’s Office. The incident has since drawn legal scrutiny, with attorneys exploring potential class action lawsuits on behalf of affected clients to seek compensation for privacy violations, financial losses, and other damages. OneDigital, which provides insurance, financial services, and HR consulting, has not disclosed the total number of individuals affected. The breach underscores the risks of third-party integrations in enterprise software ecosystems.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Data Compromised: Client names, Social Security numbersSystems Affected: Drift application (managed by Salesloft), Salesforce CRM integrationBrand Reputation Impact: Legal scrutiny, potential class action lawsuitsLegal Liabilities: Potential class action lawsuits, regulatory finesIdentity Theft Risk: High (Social Security numbers exposed)
DATA BREACH
Type Of Data Compromised: Personally Identifiable Information (PII)Sensitivity Of Data: High (Social Security numbers)Data Exfiltration: Yes (unauthorized access and copying of data)Personally Identifiable Information: Client names, Social Security numbers
JUNE 2022
715Before Incident
Cyber Attack
08 Jun 2022OneDigital
Digital Insurance LLC d/b/a OneDigital

Data Breach at Digital Insurance LLC (OneDigital)

693After Incident
CRITICAL-22
WEA725082025
On June 8, 2022, OneDigital (Digital Insurance LLC) experienced a data breach caused by external system hacking. The incident was reported to the Maine Office of the Attorney General on August 1, 2022, confirming that 260 individuals were affected. Among the compromised data was the Social Security Number (SSN) of at least one Maine resident, indicating exposure of sensitive personal information. The breach involved unauthorized access to the company’s systems, leading to the potential leak of employee or customer data, though the full scope of the exposed information (beyond the confirmed SSN) was not detailed. Given the nature of the attack—external hacking targeting personal identifiers—it aligns with scenarios where financial or identity fraud risks arise. The company likely faced reputational damage and regulatory scrutiny, particularly due to the involvement of government-mandated disclosures and the sensitivity of SSNs in fraud schemes. While the breach did not explicitly state large-scale financial losses or operational disruptions, the compromise of SSNs elevates the severity, as such data is a prime target for identity theft and long-term fraud. The incident underscores vulnerabilities in third-party cybersecurity defenses, especially for firms handling highly regulated personal data like insurance providers.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Social Security NumberIdentity Theft Risk: High (SSN compromised)
DATA BREACH
Personally Identifiable Information (PII)Number Of Records Exposed: 260Sensitivity Of Data: High (includes SSN)Social Security Number
JANUARY 2021
763Before Incident
Breach
20 Jan 2021OneDigital
Digital Insurance, LLC

Data Breach at Digital Insurance, LLC (OneDigital)

695After Incident
HIGH-68
WEA808072825
The Maine Office of the Attorney General reported that Digital Insurance, LLC doing business as OneDigital experienced a data breach on January 20, 2021, due to external system hacking affecting 895 individuals, including 1 Maine resident. The compromised information included Social Security Numbers. Identity theft protection services were offered through Kroll for 12 months following the incident.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Social Security Numbers
DATA BREACH
Social Security NumbersSensitivity Of Data: High

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for OneDigital ?
?
What was OneDigital's A.I Rankiteo Cyber Score in June 2026 ?
?
What was OneDigital's A.I Rankiteo Cyber Score in May 2026 ?
?
What was OneDigital's A.I Rankiteo Cyber Score in April 2026 ?
?
What was OneDigital's A.I Rankiteo Cyber Score in March 2026 ?
?
What was OneDigital's A.I Rankiteo Cyber Score in February 2026 ?
?
What was OneDigital's A.I Rankiteo Cyber Score in January 2026 ?
?
What was OneDigital's A.I Rankiteo Cyber Score in December 2025 ?
?
What was OneDigital's A.I Rankiteo Cyber Score in November 2025 ?
?
What was OneDigital's A.I Rankiteo Cyber Score in October 2025 ?
?
What was OneDigital's A.I Rankiteo Cyber Score in September 2025 ?
?
What was OneDigital's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on OneDigital's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with OneDigital ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view OneDigital's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?