About AppFolio, Inc.
AppFolio, Inc. experienced a data breach involving unauthorized access to their customer relationship management (CRM) system, which affected personal information of individuals. This incident was linked to a security issue with Salesloft, a sales enablement software provider and a vendor of AppFolio. The breach was discovered on September 18, 2025, and involved the potential compromise of sensitive data, including names and Social Security numbers of 148 Maine residents.
What Happened
On August 22, 2025, AppFolio, Inc. (“AppFolio”), was made aware of a security incident affecting Salesloft, a provider of sales enablement software, and one of AppFolio’s vendors. This incident, which reportedly impacted hundreds of organizations, allowed unauthorized access to records in AppFolio’s CRM system between August 8 to August 18, 2025. Upon learning of the security incident, AppFolio promptly disabled all Salesloft integrations and launched an investigation. The investigation confirmed that the unauthorized access involved requests to retrieve data from the CRM system. AppFolio then worked to determine what requests were made by the unauthorized actor and what data was returned in response to the requests. The investigation confirmed that the unauthorized access involved requests to retrieve data from AppFolio’s hosted CRM system from a specific location that contained personal information; however, the investigation was not able to identify the specific records or information returned. On September 18, 2025, the investigation determined the records accessed by the unauthorized actor may have contained the names and Social Security numbers of 148 Maine residents.
The breach impacted AppFolio’s CRM system, specifically affecting 148 Maine residents, whose names and Social Security numbers were potentially exposed. The breach occurred between August 8 and August 18, 2025.
Next Steps
Affected users are encouraged to monitor their financial accounts and credit reports for any unauthorized activity. AppFolio has informed those impacted via written notification, advising vigilance against potential identity theft or fraud. Users are also advised to consider placing fraud alerts or security freezes on their credit reports as a precautionary measure to protect against identity theft.
Identity Theft Protection Services
AppFolio is offering impacted individuals one year of complimentary credit monitoring and identity protection services through Cyberscout, a TransUnion company. These services include alerts for any changes to their credit files, as well as proactive fraud assistance. Affected individuals are encouraged to enroll in these services within 90 days of receiving the notification to benefit from the protection offered. The company has also set up a dedicated call center to address any questions or concerns from those affected by the breach.