OneDigital A.I CyberSecurity Scoring
OneDigital
Company Information
Website:http://www.onedigital.com
Employees number:3,602
Number of followers:62,618
NAICS:5416
Industry Type:Business Consulting and Services
Homepage:onedigital.com
OneDigital Risk Score (AI oriented)
Between 650 and 699
OneDigitalBusiness Consulting and Services
Updated:
10/04/2026
10/04/2026
683/1000
Weak
B
OneDigital Global Score (TPRM)
xxxx
OneDigitalBusiness Consulting and Services
Score locked

OneDigitalWeak
Current Score
683B (WEAK)
01000
4 incidents
-33 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
688
JUNE 2026
687
MAY 2026
685
APRIL 2026
683
MARCH 2026
682
FEBRUARY 2026
680
JANUARY 2026
678
DECEMBER 2025
677
NOVEMBER 2025
675
OCTOBER 2025
673
SEPTEMBER 2025
671
AUGUST 2025
730
Breach
28 Aug 2025 • OneDigital
Salesloft (Drift)
Expanded Salesloft Drift Breach Involving Google Workspace OAuth Token Compromise
669
CRITICAL-61
DRI635082925
The Salesloft Drift breach expanded beyond initial estimates, revealing that attackers exploited stolen OAuth tokens not only to access Salesforce customer instances (including sensitive tables like Cases, Accounts, Users, and Opportunities) but also to compromise a small number of Google Workspace email accounts via the Drift Email integration. The threat actors, tracked as UNC6395, scanned support tickets and messages for AWS access keys, Snowflake tokens, and passwords, likely for future extortion or lateral movement into other cloud environments. Google confirmed the breach was broader than first disclosed, affecting third-party integrations beyond Salesforce. While no Google Workspace or Alphabet systems were directly compromised, the stolen tokens were revoked, and the Drift-Google Workspace integration was disabled pending investigation. Salesloft, with assistance from Mandiant and Coalition, disabled Drift integrations with Salesforce, Slack, and Pardot as a precaution. Customers were advised to rotate all authentication tokens linked to Drift and audit connected systems for unauthorized access. The incident highlights risks in OAuth-based supply chain attacks, where compromised third-party credentials enable deep access to enterprise systems, exposing customer data, internal communications, and cloud credentials to potential misuse in follow-on attacks.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
AUGUST 2025
735
Vulnerability
12 Aug 2025 • OneDigital
Salesloft and OneDigital Investment Advisors: OneDigitalData Breach
OneDigital Data Breach Exposes Client Personal Information via Compromised Drift Application
730
CRITICAL-5
DRIWEA1775795298
OneDigital Data Breach Exposes Client Personal Information via Compromised Drift Application
Between August 12 and August 18, 2025, a data breach at OneDigital Investment Advisors exposed sensitive client information after threat actors compromised the Drift application a tool managed by Salesloft and integrated with Salesforce, OneDigital’s customer relationship management (CRM) platform. The breach was discovered on August 22, 2025, when Salesforce notified OneDigital of the security incident.
An investigation revealed that unauthorized parties accessed and copied data, including client names and Social Security numbers. While the breach stemmed from a third-party vulnerability, OneDigital confirmed its internal networks remained unaffected.
Notifications to impacted individuals began on April 8, 2026, as OneDigital filed disclosures with regulatory authorities, including the Maine Attorney General’s Office. The incident has since drawn legal scrutiny, with attorneys exploring potential class action lawsuits on behalf of affected clients to seek compensation for privacy violations, financial losses, and other damages.
OneDigital, which provides insurance, financial services, and HR consulting, has not disclosed the total number of individuals affected. The breach underscores the risks of third-party integrations in enterprise software ecosystems.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JUNE 2022
715
Cyber Attack
08 Jun 2022 • OneDigital
Digital Insurance LLC d/b/a OneDigital
Data Breach at Digital Insurance LLC (OneDigital)
693
CRITICAL-22
WEA725082025
On June 8, 2022, OneDigital (Digital Insurance LLC) experienced a data breach caused by external system hacking. The incident was reported to the Maine Office of the Attorney General on August 1, 2022, confirming that 260 individuals were affected. Among the compromised data was the Social Security Number (SSN) of at least one Maine resident, indicating exposure of sensitive personal information. The breach involved unauthorized access to the company’s systems, leading to the potential leak of employee or customer data, though the full scope of the exposed information (beyond the confirmed SSN) was not detailed. Given the nature of the attack—external hacking targeting personal identifiers—it aligns with scenarios where financial or identity fraud risks arise. The company likely faced reputational damage and regulatory scrutiny, particularly due to the involvement of government-mandated disclosures and the sensitivity of SSNs in fraud schemes. While the breach did not explicitly state large-scale financial losses or operational disruptions, the compromise of SSNs elevates the severity, as such data is a prime target for identity theft and long-term fraud. The incident underscores vulnerabilities in third-party cybersecurity defenses, especially for firms handling highly regulated personal data like insurance providers.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2021
763
Breach
20 Jan 2021 • OneDigital
Digital Insurance, LLC
Data Breach at Digital Insurance, LLC (OneDigital)
695
HIGH-68
WEA808072825
The Maine Office of the Attorney General reported that Digital Insurance, LLC doing business as OneDigital experienced a data breach on January 20, 2021, due to external system hacking affecting 895 individuals, including 1 Maine resident. The compromised information included Social Security Numbers. Identity theft protection services were offered through Kroll for 12 months following the incident.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for OneDigital ??
What was OneDigital's A.I Rankiteo Cyber Score in June 2026 ??
What was OneDigital's A.I Rankiteo Cyber Score in May 2026 ??
What was OneDigital's A.I Rankiteo Cyber Score in April 2026 ??
What was OneDigital's A.I Rankiteo Cyber Score in March 2026 ??
What was OneDigital's A.I Rankiteo Cyber Score in February 2026 ??
What was OneDigital's A.I Rankiteo Cyber Score in January 2026 ??
What was OneDigital's A.I Rankiteo Cyber Score in December 2025 ??
What was OneDigital's A.I Rankiteo Cyber Score in November 2025 ??
What was OneDigital's A.I Rankiteo Cyber Score in October 2025 ??
What was OneDigital's A.I Rankiteo Cyber Score in September 2025 ??
What was OneDigital's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on OneDigital's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with OneDigital ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view OneDigital's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?