ServiceNow disclosed that a software bug exposed enterprise customer data to the internet, with affected customers notified that their data was accessed. No CVE has been assigned and no specific patch details are available from confirmed sources as of analysis date. Organizations using ServiceNow should proactively contact ServiceNow support to determine whether their tenant is affected and review instance audit logs for unauthorized access activity.