Klue security incident - Deel impact

We are writing to inform customers and partners about a security incident involving a portion of Deel's sales data via the compromise of a third party integration.

While the incident did not involve the Deel platform itself, it did result in unauthorized access to a portion of public, business contact, and commercial information stored in our CRM environment. We take any unauthorized access to customer information extremely seriously and are working with leading cybersecurity and legal experts to investigate the matter, support affected stakeholders, and safeguard our customers’ data.

What happened

On June 17, 2026, we confirmed that an unauthorized party had accessed business contact and commercial information stored in Deel's customer relationship management (CRM) system.

Our investigation determined that the access occurred through a compromised connection with Klue, a third-party software provider that integrated with our CRM. After confirming the activity, we immediately secured the affected connection, removed the vendor's access, and began a comprehensive investigation with the support of independent cybersecurity experts.

What information was involved

The affected information consists primarily of business-to-business contact, commercial, and public information used by our sales and marketing teams, including information such as: names, business email addresses, job titles, phone numbers, and business details. A very limited amount of personal data synced to our CRM was also compromised.

What we've done

Since confirming the incident, we have:

• Disconnected the third-party vendor and revoked its access
• Revoked active user sessions and removed older access tokens
• Engaged independent cybersecurity experts to validate our investigation
• Engaged external counsel to support with case management
• Increased monitoring across our systems
• Engaged with the relevant data protection authorities.
• Set-up a dedicated mailbox you can reach out to us with questions about this incident: klue-response@deel.com

What you can do

Because business contact information was involved, we encourage customers and partners to remain alert for unexpected emails, messages, or phone calls that reference Deel, your organization, contracts, invoices, account information, or payment requests.

Please take extra care before:

• Clicking links in unexpected communications
• Opening unsolicited attachments
• Sharing account credentials or sensitive information
• Changing payment instructions without independent verification

Deel will never ask you to provide your password by email. If you receive a communication that appears suspicious or unusual, please verify it through your normal Deel contact before taking action.

Questions and updates

If you have questions about this incident, please contact us at klue-response@deel.com We will continue to update this page as our investigation progresses and as additional information becomes available.