October 6, 2017
Today, we announced that Forrester.com experienced a cybersecurity incident this week. To date, our investigation has determined that the attack was limited to research reports made available to Forrester clients on Forrester.com. There is no evidence that confidential client data, financial information, or confidential employee data was accessed or exposed as part of the incident.
Preliminary forensic evidence suggests that the hacker was ultimately detected and shut out of the system; remediation steps were taken.
Cybersecurity presents risks to all companies. We actively engage and advise our clients on how to respond to incidents. We are following the same advice we provide our clients. Part of that advice is to be transparent and disclose what we know.
In that spirit, we have provided answers to questions that you may have.
What was the nature of the attack?
The outside hacker stole valid Forrester.com user credentials that gave the hacker access to Forrester.com. The hacker used that access to steal research reports made available to our clients.
Did we detect the attack or were we notified by an outside agency?
We detected the attack as it was underway and took immediate action to stop the attack and limit impact.
Was confidential client or employee information accessed or exposed?
All forensics to date show that the incident was limited to research IP on Forrester.com.
What did Forrester do in response?
We are strengthening our internal security processes and systems.
Have you notified the authorities?
Yes, we notified the authorities to enable law enforcement to take further action as needed.
Did our incident response operate as planned?
Yes. The incident triggered our system protocols and processes, allowing us to respond across our firm.
Did the incident disrupt our business?
No. Other than the incident response team itself, there was no disruption to the work we do for our clients.