Acquia Trust Center

Welcome to Acquia's Security Portal. Note that we have three portals, available via the dropdown above. Please select the portal you are interested in.

Our commitment to data privacy and security is embedded in every part of our business. Use this portal to learn about our security posture and request access to our security documentation.

This portal is for our Acquia Cloud Platform and supporting products like Acquia Cloud (Source, Enterprise, Site Factory), Acquia Search, Email, Code Studio, Edge, Web Governance and Site Studio offerings.

Johnson & Johnson
Internal Revenue Service
Bayer
Conagra Brands
Blue Cross Blue Shield Association
Novartis
Shake Shack
Pegasystems
Novavax
City of Los Angeles
Fannie Mae
Charles Schwab

Acquia Trust Center Updates

React2Shell

Vulnerabilities

Acquia is aware of the React2Shell vulnerability and has not detected any public exposures to React2Shell at this time, but investigation is still underway. We were able to identify potential exposures on internal, non-public facing tools and immediately executed remediations. As this is an externally facing attack, we encourage all Acquia customers to review their implementations and take appropriate remediation actions.

Gainsight/Salesforce API Security Activity

Incidents

Acquia has evaluated the publicly published RCAs and reviewed privately shared materials. At this time we are closing this event with plans underway to restore connectivity in a secure manner between Gainsight and Salesforce.

Acquia continues to monitor the guidance published by various entities associated with this event including Gainsight, Salesforce and Snowflake. At this time, Acquia has concluded its investigation and determined that no malicious activity occurred associated with the Gainsight services leveraged by Acquia. Gainsight services continue to be disconnected from all integration points including Salesforce and Snowflake.

Acquia is keeping the event open internally while we await a final incident report and RCA from Gainsight. A restoration plan is being developed to restore services and all integrations that were in place.

We appreciate those that have reached out with questions and will keep the mailbox open through the end of the year if any other questions do come up.

At Acquia we take great responsibility in protecting your data. We are aware of the Gainsight OAuth token compromise. Gainsight is one of the technologies we use to enhance customer experience.

Immediately after the breach was made public, we initiated an investigation and procedures to prevent any further potential compromise. We revoked all connections to other Acquia systems in an effort to isolate the Gainsight incident. Acquia confirmed, shortly before being notified by Salesforce, that a single log entry was associated with the published IOCs. At this point, we are aware of this being associated only with reconnaissance.

Please be assured that Acquia takes these incidents very seriously and we will continue to investigate any potential impact on customer data. At this time, we do not see that any data has been breached. We will publish future updates here. You can also email any inquiries to gainsightinquiries@acquia.com, which will be monitored until this incident is closed.

Shai-Hulud 2.0

Incidents

Acquia is aware of the current Shai-Hulud 2.0 supply chain attack. Acquia is monitoring the threat and investigating any recommended mitigations to our development pipelines. At this time, no identified impacts have been observed.

Acquia clients can review the Wiz Security article, which details mitigations and detections that can be leveraged to monitor client development pipelines.

2025 ISO27001 + CSA STAR Surveillance

Compliance

In alignment with Acquia's Digital Experience Platform (DXP) vision, Acquia is formally releasing the 2025 ISO27001 and CSA STAR Certificates and associated supporting Statement of Applicability today. This concludes the 2025 Surveillance Assessment process.

For the first time, Acquia Web Governance (formerly Optimize or Monsido) has been assessed against the ISO27001 and CSA frameworks and is now included within the ISMS. This demonstrates Acquia's commitment to delivering an enterprise-grade solution for Web Governance—one that provides marketers with automated tools for quality, accessibility, and compliance validation—through a clear compliance roadmap.

The scope of the Acquia Information Security Management System (ISMS) includes the full Acquia DXP, with the exception of OEM services (Search powered by SearchStax, SEO powered by Conductor, Convert powered by VWO, Edge powered by Cloudflare/Akamai/Fastly).

F5 - BigIP - K000154696: F5 Security Incident

Vulnerabilities

We have reviewed the F5 security advisory and, with the information provided, do not believe that Acquia is impacted by the notification. We do not use the products that the F5 October security release has updates for (myF5), and the F5 advisory mentions they found no evidence that the threat actor accessed or modified the NGINX source code or product development environment. We will keep monitoring any further updates as they become available on this issue and evaluate the situation for Acquia products.

If you think you may have discovered a vulnerability, please send us a note.