⛓ Supply Chain
Mailchimp Social Engineering Breach — 133 Customers Affected Including Trezor, Fanatics, WooCommerce
Incident Details
In April 2022, Mailchimp discovered that a malicious actor had conducted a social engineering attack against Mailchimp employees and contractors and gained access to Mailchimp's internal admin tool. The attackers used that access to view data from 319 Mailchimp accounts and to export audience data from 102 accounts. Affected accounts included crypto-related businesses such as Trezor (the hardware wallet vendor, whose subscriber list was used to send phishing emails to Trezor customers), the sports merchandise retailer Fanatics, WooCommerce, and others.

The Trezor case had significant downstream impact: the attackers emailed Trezor customers claiming a security breach and directed them to a fake Trezor site that asked them to enter their seed phrases, a direct attempt to steal cryptocurrency funds. Mailchimp disclosed the breach on 4 April 2022.

A second Mailchimp social engineering breach occurred in August 2022, affecting DigitalOcean and others. A third occurred in January 2023, affecting 133 accounts. The repeated breaches highlighted how difficult it is to protect a SaaS platform against social engineering aimed at internal support staff, who necessarily have access to customer data.
Technical Details
- Initial Attack Vector: Attackers used social engineering against Mailchimp's customer-facing operations staff to obtain credentials for the internal tools used by Mailchimp's customer support and account administration teams. With that access, the attackers viewed and exported customer list data.
- Vendor / Product: Mailchimp email marketing platform (internal admin tools)
- Supply Chain Attack: ✅ Confirmed third-party / vendor compromise
Timeline
- 2023-01-01: Breach occurred
- 2023-01-01: Publicly disclosed