The breach at Klue, the Vancouver-based competitive-intelligence platform, has metastasized into something uglier than a typical data theft. The company confirmed this week that the original hackers have begun deleting stolen customer data following what appears to be a negotiated resolution—only for separate threat actors to emerge with their own extortion demands, claiming access to the same trove.

This is not how ransomware is supposed to work, at least not according to the implicit contract that has governed the criminal ecosystem for years. The old model was transactional: pay the ransom, receive the decryption key, watch the stolen files vanish. Honor among thieves, as it were. Klue's situation suggests that model is breaking down.

The multiplication problem

What appears to have happened is a variant of what security researchers call "double extortion"—but with an additional wrinkle. The original attackers exfiltrated sensitive customer data, including competitive-intelligence briefings that Klue's enterprise clients use to track rivals. After negotiations, those criminals reportedly began deleting the data. But either the files were copied before deletion, sold to secondary actors, or the initial breach created openings that other groups exploited independently.

The result is a company caught in an extortion loop. Klue has been relatively transparent about the situation, acknowledging the new threats publicly rather than hoping they disappear. That candor is unusual—most breached companies prefer to manage these crises quietly—but it also signals desperation. When you announce that paying off one set of criminals has not ended your problems, you are effectively advertising that your leverage is gone.

Why competitive intelligence is a juicy target

Klue's product sits at a sensitive intersection. Its clients—typically enterprise sales and marketing teams—use the platform to aggregate intelligence on competitors: pricing strategies, product roadmaps, win-loss analyses. A breach of this data is not just embarrassing for Klue; it is potentially catastrophic for its customers, who may find their proprietary competitive insights in the hands of the very rivals they were tracking.

This makes Klue's data unusually monetizable on secondary markets. A garden-variety customer database has value, but competitive-intelligence files have strategic value to specific buyers. The attackers know this, which is why the extortion has not stopped.

Our take

Klue's nightmare is a preview of where enterprise cybersecurity is heading. The ransomware ecosystem has professionalized to the point where stolen data is treated as a tradable asset, copied and resold like any other commodity. Paying the ransom no longer guarantees resolution; it may simply signal that you are a payer. For companies handling sensitive competitive intelligence, the lesson is grim: assume breach, assume leakage, and assume that the criminals will not honor their word. The implicit contract is void.