
Last year, we published Minimizing the Impact of Social Engineering Attacks with SendSafely. The core idea: you may not be able to stop a determined attacker from tricking one of your support agents, but you can absolutely limit the damage once they're in. We called this shrinking the blast radius.
The breach headlines since then have only reinforced the point.
Two Recent Examples That Should Hit Close to Home
Hims & Hers (April 2026): The telehealth company confirmed a breach of its third-party support ticketing system via a social engineering attack. Hackers walked away with customer names, contact details, and personal data pulled directly from support tickets - exactly the kind of data that accumulates quietly in every support platform over months and years.
Discord (October 2025): Hackers breached a third-party vendor Discord used for identity appeals. The result: government-issued IDs, passports, and IP addresses belonging to at least 70,000 users were exposed. These documents had been submitted through customer support and were sitting in a ticketing system.
Both breaches follow the same pattern: sensitive data collected through a support workflow, retained inside a support platform, stolen by an attacker who socially engineered their way in. Neither company is unsophisticated. But their support workflows became the weak link.
Ask yourself: If an attacker compromised one of your Zendesk agents or Salesforce case managers today, what could they access? How many tickets contain uploaded HAR files, API keys, debug logs, PII, or health data? How long has that data been sitting there? How many agents have access to all of it right now?
That's your blast radius.
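One way to put numbers on those questions, as an added example that is not SendSafely's code or any platform's API: a small audit over a ticket export that counts tickets holding the data kinds named above, how old the oldest one is, and how many agents can reach it. The export field names, the sample tickets, and the matching heuristics are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import date

# Constructed sample export. Field names are hypothetical, not a real platform schema.
TICKETS = [
    {"id": 101, "created": "2023-02-10", "agents_with_access": 240,
     "attachments": ["session.har", "screenshot.png"], "body": "Login fails on checkout."},
    {"id": 102, "created": "2025-11-03", "agents_with_access": 240,
     "attachments": [], "body": "Our key is AKIAIOSFODNN7EXAMPLE, please check."},
    {"id": 103, "created": "2024-06-21", "agents_with_access": 12,
     "attachments": ["passport_scan.jpg", "debug.log"], "body": "ID for appeal attached."},
    {"id": 104, "created": "2026-01-15", "agents_with_access": 240,
     "attachments": ["invoice.pdf"], "body": "Billing question."},
]

# Attachment kinds the article calls out; the file-name heuristics are illustrative.
FILE_RULES = {
    "har_file": re.compile(r"\.har$", re.I),
    "debug_log": re.compile(r"\.(log|dmp)$", re.I),
    "identity_document": re.compile(r"(passport|licen[sc]e|id[_-]?card)", re.I),
}
# Secrets pasted into ticket text: AWS-style access key IDs and bearer tokens.
BODY_RULES = {
    "api_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b|\bBearer\s+[A-Za-z0-9._-]{20,}"),
}

def classify(ticket):
    """Return the set of sensitive data kinds found in one ticket."""
    kinds = {k for k, rx in FILE_RULES.items()
             for name in ticket["attachments"] if rx.search(name)}
    kinds |= {k for k, rx in BODY_RULES.items() if rx.search(ticket["body"])}
    return kinds

def blast_radius(tickets, as_of):
    """Summarise what one compromised agent account could reach as of a date."""
    by_kind, exposed = Counter(), []
    for t in tickets:
        kinds = classify(t)
        if kinds:
            by_kind.update(kinds)
            age = (as_of - date.fromisoformat(t["created"])).days
            exposed.append((t["id"], age, t["agents_with_access"]))
    return {
        "sensitive_tickets": len(exposed),
        "by_kind": dict(by_kind),
        "oldest_days": max((a for _, a, _ in exposed), default=0),
        "widest_access": max((n for _, _, n in exposed), default=0),
    }

if __name__ == "__main__":
    print(blast_radius(TICKETS, as_of=date(2026, 4, 30)))
```

File-name and regex matching only finds what is labelled or formatted predictably, so treat the counts as a lower bound on what is actually stored.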
How SendSafely Contains It
For teams running customer support in Zendesk, Salesforce, Freshdesk, or Intercom, and collecting sensitive data of any kind, here's what SendSafely brings to the table.
1. End-to-End Encryption - Files are encrypted on the sender's device before they leave it. No one in the middle, not your support platform, not SendSafely, not your vendor's ecosystem, can read the contents. Even a direct compromise of Salesforce or Zendesk at the platform level would leave your data unreadable.
2. Keep Data Out of the Platform - SendSafely routes files to your own cloud storage (like S3) rather than embedding them inside ticket records. A compromise of your support platform doesn't automatically mean a compromise of the files your customers shared, because those files were never there.
3. Data Expiry and Deletion You Control - Data that doesn't exist can't be stolen. SendSafely lets you set expiration and deletion policies so sensitive files don't accumulate indefinitely in ticket records. The status quo at most organizations, with customer files from years ago still sitting fully accessible, is a liability, not a feature.
4. Keep Sensitive Data Out of AI - Your support platform is probably using AI today. SendSafely's HALO product provides encrypted file collection that integrates with AI-powered chatbots (Zendesk AI, Agentforce, Intercom Fin, Ada, and others). The AI facilitates the conversation. HALO encrypts the file exchange. Sensitive content never flows through the AI platform unprotected or risks becoming part of a training dataset you don't control.
5. Minimum Agent Access - A compromised agent account inherits whatever access that agent had — which, in most organizations, is far more than necessary. SendSafely enforces just-in-time access at the file level: agents get access when a case is assigned to them and lose it when the case closes or is reassigned. This applies in both Salesforce and Zendesk. The blast radius of a compromised account shrinks materially.
6. IP Restrictions - Malware on a compromised employee's machine can silently exfiltrate session tokens and credentials, which are then sold or used directly from attacker-controlled infrastructure. IP whitelisting ensures that even valid stolen credentials can't be used outside your approved network, such as your corporate VPN. A stolen session token is useless if it can't be used from anywhere that matters to the attacker.
Also Worth Reading
If any portion of your support function involves third-party or outsourced agents, the risks compound further. We've published a dedicated guide: Securing Customer Data with SendSafely: A Guide for BPO Operations.
One More Thing: AI Agents Can Be Socially Engineered Too
As AI support agents become more prevalent, they introduce the same blast radius problem, but at greater speed and scale. Prompt injection and adversarial inputs are real attack vectors. SendSafely's architecture protects you here as well: because sensitive data is kept encrypted and out of the platforms your AI tools operate within, a manipulated AI agent can't expose what it was never permitted to access in the first place.
The Bottom Line
The breaches at Hims & Hers and Discord weren't caused by exotic zero-days. They happened because sensitive customer data had been accumulating inside support platforms, too many people had access to it, and one successful social engineering attempt unlocked all of it.
For any organization running Zendesk, Salesforce, Freshdesk, or Intercom-based workflows that touch sensitive data — healthcare records, PII, API keys, HAR files, government IDs — integrating SendSafely isn't a nice-to-have. It's the architecture that ensures the next breach isn't yours.
Contact us at success@sendsafely.com to learn more or schedule a live demo.