How to Secure Your Data During Migration – Real-World Lessons

‍

Data security is especially critical during data migration, when large volumes of sensitive information move across systems. These moments of transition create an attractive window of opportunity for attackers and pure mishaps. Recent incidents have made that risk impossible to ignore.

In June 2025, a malicious clone of Salesforce’s Data Loader tool began circulating, harvesting OAuth tokens and credentials from unsuspecting organizations. Just weeks later, Workday disclosed a breach tied to a third-party CRM platform, where attackers gathering employee contact information used social engineering to gain access. Those weren't isolated incidents: this wave of threats also impacted companies such as Allianz Life, Google, Adidas, Qantas, Chanel, Dior, Louis Vuitton, Cisco, Pandora, and Farmers Insurance, where attackers similarly exploited Salesforce-connected services via phishing and fake apps.

These breaches serve as reminders that the greatest vulnerabilities often come not from flaws in Salesforce or other enterprise software itself, but from gaps in how organizations manage tools, permissions, and monitor processes.

Why Data Security During Migration Matters More Than Ever

More than usual day-to-day operations, data migration can involve moving volumes of sensitive information, often across multiple systems, teams, and environments. Every new connection point, whether a tool, API, or integration, creates an additional surface area for attackers to exploit. And sometimes the pressure from tight migration deadlines makes the situation more precarious.

The recent breaches highlight three categories of migration risk:

• Malicious Clones and Fake Software: The malicious clone of the Salesforce Data Loader tool is a textbook example of how trust in familiar-looking software can be weaponized to access sensitive credentials.

• Misconfiguration: Even with legitimate tools, a poorly scoped OAuth setup or unsecured endpoint can leave the door wide open. Overly broad permissions are especially dangerous; they give attackers more access than they should ever have if credentials are compromised.

• Human Mistakes: The Workday breach showed how attackers posing as IT or HR staff could trick employees into granting access. Similarly, shortcuts like bypassing admin oversight or reusing credentials increase exposure.

Other Common Security Risks in Data Migration

Beyond recent incidents, organizations can face a range of common threats:

Weak Access Controls

When too many people have elevated privileges during a migration, the risk of insider misuse or accidental exposure grows. Without role-based access control (RBAC) and the principle of least privilege, organizations lose track of who can see and move what data.

Inadequate Testing and Monitoring

Rushed migrations often skip proper pre-migration testing and post-migration monitoring. This leaves blind spots where data is exposed without detection. Attackers exploit these gaps, knowing many organizations only notice breaches after the migration is complete.

Compliance and Regulatory Oversight Gaps

Data migrations often involve sensitive information covered by GDPR, HIPAA, financial regulations or other requirements. Failing to apply consistent data handling, tracing, encryption, and audit readiness during migrations creates not only security exposure but also legal and financial risk.

Best Practices for Secure Data Migration

Safe OAuth Practices

OAuth applications are one of the most common ways attackers gain footholds during migrations. The key is to use them safely and intentionally:

• Always create apps explicitly: Explicit creation of apps ensures every integration is purpose-built and reviewed.

• Apply role-based access control (RBAC): Grant only the minimum permissions needed for the task, and each user only sees what they need.

• Require admin review of every app: Every OAuth app should undergo admin approval before it connects to production data. This way the permissions are documented and tracked to prevent shadow access.

Admin Configuration is Crucial

OAuth by itself isn’t risky, it becomes risky when left unchecked. Requiring admin configuration and governance adds a crucial safeguard:

• Central governance: Admin-managed apps follow standardized policies for encryption, data retention, and authentication.

• Prevents accidental over-permission: Admins can ensure users aren’t inadvertently granting “all data” access when only a small subset is needed.

• Adds accountability and audit trails: Central oversight means every app, token, and connection is documented, logged, and tied to an accountable owner.

Prioritizing Testing & Monitoring

Security doesn’t stop once data is moved:

• Run pre-migration tests to identify misconfigurations before going live.

• Enable continuous monitoring and logging during migration to catch anomalies early.

• Conduct post-migration audits to ensure nothing was exposed along the way.

Staying Aligned with Compliance

Migrations often involve data covered by GDPR, HIPAA, or industry-specific rules. To stay secure and compliant:

• Apply encryption consistently before, during, and after migration.

• Maintain audit logs for every data movement.

• Validate that new environments meet all regulatory requirements before flipping the switch.

Training Against User Mistakes & Social Engineering

Phishing attacks and credential reuse remain the easiest way in for attackers. To minimize risk:

• Train users to recognize phishing attempts.

• Enforce strong, unique passwords with MFA everywhere.

• Avoid rushed decisions, migration projects often involve multiple teams, which makes clear security protocols vital.

How conemis Ensures Secure Data Migration by Design

conemis takes a fundamental approach to making migrations secure by design from the very beginning.

• No Universal Apps: Every connection in a conemis migration is explicit, controlled, and purpose-built. Nothing runs in the background without admin knowledge, reducing hidden risks.

• Built-in Governance and Safeguards: Security checks, permissions, and encryption are part of the core workflow, ensuring compliance is never an afterthought.

• Fine-Granular Control of Data Access: The conemis software can grant and prevent access for groups and individual migration users to any function from downloading data to local machines – or not – over running extracts to validating loads.

• Security Embedded in Methodology: Every project includes structured testing, admin oversight, and compliance readiness, so security is infused into every stage.

• Enterprise-Grade Alignment: conemis is also designed for large-scale, regulated organizations that require end-to-end data migration security, not just quick fixes.

With this approach, enterprises can move critical Salesforce and other data with confidence, knowing that security is not a layer added at the end, but a foundation of the migration itself.

Final Thoughts

Data security is no longer just an IT checklist item. The recent breaches show how one vulnerability can create a domino effect across industries and expose sensitive information far beyond an initial breach.

The safest approach is to verify every tool, every app, and every process involved in a migration. For enterprise-grade safety, a dedicated migration platform with security built in is far superior to homegrown scripts and tools. Security cannot be improvised and cannot be retrofitted once the damage is done.

👉 Interested in learning more about the Data Loader breach? Read our breakdown of the story here.

👉 Want to risk-proof your Salesforce and enterprise migrations? Learn how conemis can help you safeguard data during migration.