Mandiant said the compromise resulted from a sophisticated spear-phishing campaign. According to the security incident disclosure updated on July 20, JumpCloud reported that this unauthorized access impacted fewer than five customers and fewer than ten devices.

Source: Infosecurity Magazine – Information Security & IT Security