AI and IT News Recap: June 22, 2026: A Vendor Breach Drains Salesforce Data, the AI Talent War Escalates, and 3 Million Texans Exposed

By Noah Smith, Owner & Consultant, KeyChange Technologies · June 22, 2026

Pen-and-ink editorial illustration of a single key unlocking one cloud in a web of connected business apps, with a ribbon of documents flowing out, symbolizing a SaaS supply-chain data breach.

Welcome to your AI and IT news for June 22, 2026, covering the weekend (Friday through Sunday). It was a quiet few days for genuinely new headlines, so this is a focused recap rather than a long one. The short version: a breach at a single sales-software vendor quietly drained Salesforce data from a who's-who of tech companies, the AI talent war claimed another marquee name, and a Texas state agency exposed the personal data of more than three million people. Friday's recap has the prior context if you missed it.

📌 The AI and IT news at a glance

  • One vendor, many victims: a breach at market-intelligence platform Klue let attackers steal data from the Salesforce accounts of Recorded Future, Tanium, Jamf, Gong, and more.
  • The AI talent war escalates: Nobel laureate John Jumper is leaving Google DeepMind for Anthropic, days after a top Gemini leader jumped to OpenAI.
  • 3 million Texans exposed: a breach at a Texas Parks and Wildlife license vendor spilled driver's license and passport details for over 3 million hunting and fishing license holders.

🔝 Top story: one vendor breach, a long list of victims

A hack at sales-software firm Klue quietly drained Salesforce data from major tech companies

The most important story for business owners this weekend is a textbook supply-chain breach. Klue, a market-intelligence platform that many sales teams use to build competitive "battlecards," confirmed that attackers got in through a compromised legacy credential, one that Klue had originally created to prototype a third-party integration and then abandoned but never disabled. Using that forgotten key, the attacker harvested the OAuth tokens that connect Klue to its customers' other tools, including Salesforce, and then used those tokens to log into customer Salesforce environments and steal data at scale. Klue says it discovered the unauthorized activity on June 12, revoked the affected tokens, removed malicious code, brought in CrowdStrike, and notified law enforcement.

Over the weekend the story got bigger. A new extortion group calling itself Icarus publicly claimed the attack on its leak site, and the list of confirmed victims grew to include Recorded Future, Tanium, Jamf, Sprout Social, Gong, Huntress, and Insurity. Security firms ReliaQuest and Huntress traced how the attackers generated OAuth tokens and ran Python scripts against the Salesforce API to pull data over extended periods. The stolen information was mostly CRM content: business contacts, sales communications, price quotes, competitive-intelligence reports, and account records. Most victims stress that their own platforms and infrastructure were not breached, only the data sitting in their connected Salesforce instances.

In short: Attackers used a forgotten credential at sales-software vendor Klue to steal OAuth tokens and pull data from the Salesforce accounts of numerous well-known companies.

What it means for your business: Every SaaS tool you plug into Salesforce, Google Workspace, or Microsoft 365 holds a key to your data, and a breach at any one of them can become your breach without anyone touching your systems. The victims here are sophisticated security and tech firms, which tells you connected-app risk is hard for everyone.

My take: The scary detail is the "abandoned but still active" credential. This is the kind of thing that hides in every company: an old integration nobody turned off, a token nobody rotated. Pull up the list of connected apps in your Salesforce and Google and Microsoft admin panels, revoke anything you do not recognize or no longer use, and make "remove access when we stop using a tool" an actual step in your process.

Source: BleepingComputer

🤖 AI: the talent war escalates

Nobel laureate John Jumper is leaving Google DeepMind for Anthropic

The poaching war between the big AI labs reached a new high-water mark on Friday. John Jumper, a vice president and engineering fellow at Google DeepMind and a co-winner of the 2024 Nobel Prize in Chemistry for the AlphaFold protein-folding breakthrough, is leaving Google to join Anthropic. His exit lands just days after Noam Shazeer, a Google vice president and a co-lead of the Gemini models, announced he was leaving for OpenAI. Losing two senior, marquee researchers in the same week is a real signal about how intense the competition for elite AI talent has become.

For everyone outside the labs, the takeaway is less about any single hire and more about the churn underneath the tools you use. The people who build frontier models are moving between Google, OpenAI, and Anthropic at a pace that reshapes roadmaps, and the companies are paying enormous sums to win them. That competition tends to speed up the release of new capabilities, but it also means the lab leading on a given benchmark today may not be the one leading six months from now.

In short: Anthropic hired Google DeepMind's John Jumper, a Nobel laureate, days after Google lost a top Gemini leader to OpenAI, underscoring a fierce AI talent war.

What it means for your business: The frontier is genuinely a three-horse race, and leadership keeps trading hands. If you are choosing an AI provider, do not over-anchor on whoever looks slightly ahead this quarter, because the gap is narrow and the talent driving it is mobile.

My take: Headlines about star hires are fun, but the practical lesson is to stay flexible. Build your AI workflows so you can swap the underlying model without a rewrite, and re-evaluate which provider fits your needs a couple of times a year rather than marrying one.

Source: CNBC

🛡️ IT and security: a big government data breach

A Texas agency exposed personal data for more than 3 million people

The Texas Parks and Wildlife Department (TPWD) disclosed a breach at the outside vendor that runs its hunting and fishing license system, exposing personal information for 3,087,721 license holders. The Texas Cyber Command spotted the intrusion and investigated. The good news is that Social Security numbers, dates of birth, and financial details like credit cards were not taken. The bad news is what was: driver's license information, passport numbers, email addresses, phone numbers, and home addresses, which is plenty for criminals to build convincing phishing and impersonation scams. TPWD is offering affected customers a year of free credit monitoring and is urging them to watch for fraud.

This is, once again, a third-party breach. The state agency itself was not hacked; its license vendor was. That pattern, where your data is exposed through a partner you handed it to, is the connective tissue between this story and the Klue breach above.

In short: A breach at a Texas Parks and Wildlife license vendor exposed driver's license and passport data for over 3 million Texans, though no Social Security or financial data was taken.

What it means for your business: If you collect customer data and pass it to a vendor to process, their breach is still your customers' problem and often your reputational problem. Know who holds your data and what they are contractually required to do if they lose it.

My take: When a breach exposes driver's license and passport numbers, the long tail is identity-themed phishing. If you or your staff are among the millions here, expect "official" emails and texts about your license or your data, and treat unexpected requests for information or payment with suspicion no matter how legitimate they look.

Source: BleepingComputer

The bottom line

The thread running through the weekend is third-party risk. Two of today's three stories are breaches that happened to someone else's systems and landed on the victims anyway, whether that is a sales tool plugged into Salesforce or a state agency's license vendor. The practical move is the same in both cases: know who holds your data, kill access you no longer use, and rotate credentials before someone finds the one you forgot. On the AI side, the talent keeps moving, so keep your options open and avoid betting everything on one provider.

That is your AI and IT news for June 22, 2026. See you in the next one.