In early January 2023, CircleCI disclosed a security incident involving the compromise of a GitHub OAuth token and subsequent unauthorized access to some of its systems, affecting customer data. A malware attack on an employee's laptop enabled the theft of session cookies, allowing attackers to impersonate the employee and exfiltrate encrypted data and keys from production systems. In response, CircleCI conducted a thorough investigation with third-party specialists, rotated all potentially compromised tokens, and implemented additional security measures, such as enhanced monitoring and restricted access to production environments. Customers were advised to rotate their secrets and check for suspicious activity between mid-December 2022 and early January 2023. The company emphasized the importance of continuous security improvements and customer collaboration to prevent future incidents, committing to adopting more aggressive security practices and making advanced security features more accessible to customers.