Security Overview

Xactly understands that the confidentiality, integrity, and availability of our customers’ information are vital to their business operations and therefore to our success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our applications, systems, and processes to meet the changing demands and challenges of security.

InfoSec Update

Dear Xactly Customers,

(12/11/2025)

Xactly is aware of the reported security incident currently impacting Gainsight and Salesforce. We are actively investigating whether this incident has any potential impact on Xactly’s systems or services.
At this time, we have no reason to believe that Xactly was materially impacted by this incident. We are conducting a thorough review as part of our standard security protocols and will provide updates if our assessment changes.

(11/26/2025)

Xactly is aware of the security incident disclosed by F5, involving unauthorized access by a threat actor to F5’s internal BIG-IP product development environment and engineering knowledge platforms.

Following an internal review, Xactly confirms that our internal network, product platform, source code repository, and customer data were NOT compromised as a result of the F5 incident. We do not utilize the specific affected F5 systems (BIG-IP, F5OS development environments) in our infrastructure.

(10/22/2025)

NPM Supply Chain Incident – No Impact to Xactly

Xactly is aware of recent reports regarding compromised NPM packages, including the Shai-Hulud attack disclosed on September 16, 2025. Our security and engineering teams have conducted a review and have confirmed that there is no indication that Xactly products and platforms have been affected by any of the impacted packages. We understand the seriousness of the NPM supply chain vulnerabilities and remain vigilant. Xactly will continue to closely monitor for any new disclosures and evolving threat intelligence related to NPM supply chain attacks, and will provide an update if our assessment changes

(9/18/2025)

Xactly utilizes Drift within our Corporate IT environment; on our corporate website. We are aware of the recent security incident involving Drift and are actively engaged in communications with the Drift team. At this time, Xactly has not been notified of any impact or breach affecting our organization.

We have conducted an internal investigation and found no evidence of any compromise or unauthorized access involving Drift or Salesforce in connection with Xactly. As a proactive precaution, we have updated credentials associated with relevant integrations.

Please be assured that all Xactly customer data remains securely housed within our production environments, which are logically separated from our Corporate IT environment.

We will continue to monitor the situation closely and will promptly update you should any pertinent information arise.

– Xactly Global Customer Support Team