Tungsten Automation, a leading provider of workplace automation software was the victim of a cyber attack that resulted in the theft of data on more than 5,000 individuals including current and former employees, the company disclosed on Friday.
A letter to Tungsten customers dated August 22nd and shared with Maine’s Attorney General in keeping with that state’s data privacy law revealed that Tungsten Automation discovered “suspicious activity… on its internal IT networks” on May 27th. A subsequent investigation found that “an unauthorized party accessed Tungsten’s internal IT network and obtained certain files in May 2025.”
The company’s review of its internal IT systems identified 5,556 individuals affected* by the breach, according to the report filed with the Maine Attorney General. Leaked information included the victims’ names and other, non-specified information.
In an email, a Tungsten spokesperson acknowledged that in late May, Tungsten Automation experienced “a cybersecurity incident where we detected and addressed limited network disruption within our internal IT systems.”
Tungsten said the incident did not expose “any customer or partner environments” and that “no customer or partner production data was impacted as a result of this incident.” The more than 5,000 individuals affected were current and former Tungsten employees, the statement said.
The malicious actors have been removed from Tungsten’s network and there is ” is “no ongoing unauthorized activity on our systems related to this incident,” the statement said.
Tungsten, formerly Kofax Inc. is an Irvine, California based firm that is a leading provider of workplace automation software such as invoice processing, document and workflow automation, printer and e-signature management and more. Tungsten’s Automation Platform (TAP) uses artificial intelligence (AI) to automate tasks such as document workflow orchestration and knowledge discovery. The company serves a wide range of industries including banking and financial services, healthcare, insurance, law and government. Its customers include the UK’s National Health Services (NHS) as well as the U.S. Office of Veterans Affairs.
Tungsten said it has implemented “numerous security measures designed to enhance the security of our systems and data” as well as “additional security protocols designed to enhance the security of our network,” though it did not provide details on the nature of the incident or the measures taken to respond.
While the nature of the security incident at Tungsten is unclear, both cyber criminal and state sponsored attacks on IT- and service providers to sensitive private- and public sector entities have become a common occurrence. For example, a ransomware attack on Synnovis, a pathology provider to the UK’s NHS in June resulted in severe disruptions to a number of NHS facilities.
The number of victims in the Tungsten breach is small. Around the same time as the Tungsten disclosure, Farmers Insurance revealed a breach of a third party vendor that resulted in the theft of data on an estimated 1 million customers. However, the sensitive nature of Tungsten’s technology and the high profile of many of its clients could see repercussions well beyond the relatively small number of affected current and former employees.
(*) Editor’s note: An earlier version of this story incorrectly referred to Tungsten customers as being affected by the incident. The company has subsequently clarified that no customer accounts or data were impacted and that the 5,556 individuals affected were current and former employees. The story has been corrected. PFR August 26, 2025